Peaks vs. Valleys – Perspectives on Software Supply Chains

Webinar Perspectives on Software Supply Chains 

Real-world supply chains can involve planes, ocean freighters, trains, trucks, and even bike couriers. So it’s no surprise that software supply chains also involve a wide variety of complementary production, distribution, and deployment channels. 

One of the challenges with securing software supply chains is that solutions must be combined to address each conduit supporting the entire chain. Patching the libraries your software engineers copied into your final build is insufficient—you must also consider your base images, the packages and platforms brought in via provisioning scripts, and even possibly plugins deployed by admins post-deployment!
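As an added illustration of the point above (example code written for this page, not MergeBase's product or the speakers' tooling), the script below builds one component inventory from four of the channels the paragraph names: the build manifest, the container base image and its package installs, a provisioning script, and a post-deployment plugin directory. All inputs are constructed samples for a hypothetical project, and the install-command parsing handles only the `apt-get`/`apt`/`pip` forms shown; it is meant to show how much a scanner that reads only the build manifest never sees.

```python
"""Unified component inventory across supply-chain channels.
Added example for this page; not MergeBase code. All inputs are constructed."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    version: str   # "" when the input does not pin one
    channel: str   # build | base-image | provisioning | plugin


# --- constructed sample inputs (hypothetical project, not real files) ---
POM_XML = """\
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-text</artifactId>
      <version>1.9</version>
    </dependency>
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
      <version>2.13.4</version>
    </dependency>
  </dependencies>
</project>
"""

DOCKERFILE = """\
FROM eclipse-temurin:17-jre
RUN apt-get update && apt-get install -y --no-install-recommends \\
    curl=7.88.1-10 libxml2 \\
    && rm -rf /var/lib/apt/lists/*
COPY target/app.jar /app/app.jar
"""

PROVISION_SH = """\
#!/bin/sh
apt-get install -y nginx
pip install requests==2.31.0 pyyaml
"""

# Directory listing of a plugin folder after deployment (constructed).
PLUGIN_FILES = ["oauth-login-2.3.1.jar", "audit-trail-1.0.jar", "README.txt"]

_INSTALL_VERBS = {("apt-get", "install"), ("apt", "install"),
                  ("pip", "install"), ("pip3", "install")}
_PLUGIN_RE = re.compile(r"^(?P<name>[A-Za-z][\w.-]*?)-(?P<ver>\d[\w.]*)\.jar$")


def _local(tag: str) -> str:
    """Strip the XML namespace from an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def parse_pom(text: str) -> list:
    """Build channel: every <dependency> in a Maven POM."""
    out = []
    for dep in ET.fromstring(text).iter():
        if _local(dep.tag) != "dependency":
            continue
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        out.append(Component(f"{f.get('groupId', '')}:{f.get('artifactId', '')}",
                             f.get("version", ""), "build"))
    return out


def _packages_from_command(cmd: str, channel: str) -> list:
    """Packages named after an install verb; stops at the next shell operator."""
    toks, out = cmd.split(), []
    for i in range(len(toks) - 1):
        if (toks[i], toks[i + 1]) not in _INSTALL_VERBS:
            continue
        for t in toks[i + 2:]:
            if t in ("&&", "||", ";", "|"):
                break
            if t.startswith("-"):          # flags such as -y, --no-install-recommends
                continue
            name, ver = re.fullmatch(r"([^=]+)=?=?(.*)", t).groups()  # pkg=1.0 / pkg==1.0
            out.append(Component(name, ver, channel))
    return out


def _join_continuations(text: str) -> str:
    return text.replace("\\\n", " ")


def parse_dockerfile(text: str) -> list:
    """Base-image channel: the FROM image plus packages installed in RUN lines."""
    out = []
    for line in _join_continuations(text).splitlines():
        line = line.strip()
        if line.upper().startswith("FROM "):
            image = line.split()[1]
            sep = "@" if "@" in image else ":"   # digest-pinned or tag-pinned
            name, _, ver = image.partition(sep)
            out.append(Component(name, ver, "base-image"))
        elif line.upper().startswith("RUN "):
            out.extend(_packages_from_command(line[4:], "base-image"))
    return out


def parse_provisioning_script(text: str) -> list:
    """Provisioning channel: install commands in a shell script."""
    out = []
    for line in _join_continuations(text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            out.extend(_packages_from_command(line, "provisioning"))
    return out


def parse_plugin_dir(filenames: list) -> list:
    """Plugin channel: name-version.jar files dropped in after deployment."""
    return [Component(m["name"], m["ver"], "plugin")
            for m in map(_PLUGIN_RE.match, filenames) if m]


def build_inventory() -> list:
    return (parse_pom(POM_XML) + parse_dockerfile(DOCKERFILE)
            + parse_provisioning_script(PROVISION_SH) + parse_plugin_dir(PLUGIN_FILES))


def missed_by_build_scan(components: list) -> list:
    """Components a scanner that reads only the build manifest never sees."""
    return [c for c in components if c.channel != "build"]


def unpinned(components: list) -> list:
    """Components with no version pin: unreproducible and hard to match to advisories."""
    return [c for c in components if not c.version]


if __name__ == "__main__":
    inv = build_inventory()
    for c in inv:
        print(f"{c.channel:12} {c.name:45} {c.version or '(unpinned)'}")
    print(f"{len(missed_by_build_scan(inv))} of {len(inv)} components are invisible "
          f"to a build-manifest-only scan; {len(unpinned(inv))} are unpinned")
```

Run as-is to see the inventory; with the sample inputs, eight of the ten components come from channels other than the POM, and three of them carry no version at all, which is exactly the blind spot the paragraph warns about. Pointing the parsers at real files is a matter of replacing the constructed strings with file contents.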

Unfortunately, these disparate channels often have different weaknesses and vulnerabilities and require different security approaches. 

Watch this webinar with our special guest speaker, John Speed Meyers, an expert in open-source software ecosystems, and Julius Musseau, implementer of a vulnerability scanner, as they discuss the important perspectives on software supply chains.

What they will go through:

  • An understanding of today’s sophisticated and multi-channel software supply chains
  • What the risks are, and how to manage them
  • Software supply chain security best practices

The session looks at the big picture and then discusses specific techniques tailored to better protect some of these critical pieces.

Open Source Research 

A lot of people will claim that open source is everywhere, but how much open source software is actually out there? In this paper, we propose a methodology and an associated tool that analyze Java binaries and determine the proportion of open source that comprises them. Our results show that roughly 80 to 90% of the software analyzed is made from open source.

Ready to start to mitigate risks in your software supply chains?


About the Author

MergeBase