Today’s technology leaders play a more strategic role in establishing cybersecurity strategy for their organizations. This webinar will teach you what you can do to prevent a hole in your software supply chain, so bad actors are unable to slip in and take advantage.
7. Process and set of tools used to
identify and manage the open-
source and third-party software
components and libraries used in
software applications
Open-Source Software
constitutes 70-90% of any given
piece of modern software solutions
• Component Identification
• License Compliance
• Vulnerability Management
• Dependency Management
• Policy Enforcement
• Reporting and Remediation
KEY ASPECTS
• Enhance security
• Maintain license compliance
• Mitigate risk
GOALS
SCA
What is Software Composition Analysis?
DEFINITION
PREVALENCE
8. The value of SCA in
your security strategy
You can’t comply, secure and remediate
open source if you’re not aware of where
it exists in your organization
10. Emerging regulations to protect software users
• Enhance supply chain security. The strategy includes initiatives to improve
the security of the supply chains that support critical infrastructure, and
federal systems to reduce the risk of cyberattacks and disruptions.
• Improve incident response and recovery. The strategy emphasizes the need
for effective incident response and recovery capabilities.
• Promote cybersecurity workforce development. The strategy includes
initiatives to address the cybersecurity skills gap — such as
promoting cybersecurity education and training programs.
• Strengthen partnerships with the private sector. The strategy highlights the
private sector’s key role in cybersecurity and includes initiatives to enhance
public-private partnerships — such as sharing threat intelligence, promoting
best practices, and facilitating joint exercises and simulations.
• Transparency in the use of third-party OSS components
• Software Bill of Materials - mandatory
• Process for remediation - mandatory
• Concerns regarding liability exemptions for OSS developers
• Going through Parliament
12. Open source visibility and control are
essential to maintain the security,
license compliance, and code quality
of automotive software applications
and platforms
Today’s connected
vehicles
Source: How Software Engineering is Changing the Automotive Industry
13. Enhancing your security posture through
scan, analysis and SBOM management
Recognize and manage risks associated with
third-party and open-source software
components
Identify components
Scan for vulnerabilities
Assess your risk
Receive remediation guidance and support
Access dependency graphs
Automate policy enforcement
Generate a Software Bill of Materials
14. Key
takeaways
Put in place the right tooling to complement your tech stack
and what works for your business.
1
Implement the right policies, processes and people.
2
Understand both the industry you’re in and the industry(s) you sell to.
3
Set yourself up to provide an inventory of the products you produce
and/or procure for the next major vulnerability event (i.e. Log4j).
4
Do something; take the next step.
5