Over the last year, cybersecurity has been pushed into the mainstream media as a critical threat to everyone, from threats and vulnerabilities found in our most trusted open source libraries to executive orders demanding more diligent practices to mitigate these risks.
Cybersecurity practices have historically often been managed at the infrastructure and network layer to secure the systems that applications run on. While important, this takes a very operational view of security and introduces gaps not only in the delivery of software but also in the processes from ideation to long-term management. In this talk, Eric will examine how organizations can adopt new practices, including frameworks such as SLSA, best practices, community innovation and strategic realignment, to enforce a stronger, proactive approach to software supply chain security across the SDLC and beyond.