Software Supply Chain Concerns for DevSecOps Programs

May 19, 2021 • Webcast

By

Aaron K. Reffett and Richard Laughlin

In this webcast, Aaron Reffett and Richard Laughlin explore the important architectural aspects of DevSecOps that are impacted by the software supply chain.

Publisher

Software Engineering Institute

Topic or Tag

Watch

Abstract

In a DevSecOps world the software supply chain extends beyond libraries upon which developed software depends. In this webinar we will look at the Solarwinds incident as a worst-case exemplifying the breadth of the software supply chain issues confronting complex DevSecOps programs. We will explore the important architectural aspects of DevSecOps that are impacted by the software supply chain that require attention and potential mitigations to detect and respond to potential incidents.

What attendees will learn:

The software supply chain issue is broad and impacts multiple aspects of DevSecOps
Programs need to be aware of how the software they leverage presents risks
Mitigation strategies must be put in place to address potential issues at the architectural level

About the Speaker

Aaron K. Reffett

Aaron Reffett is a senior member of the technical staff in the CERT Cybersecurity Foundations directorate of the Software Engineering Institute (SEI). He develops and operates applications for the analysis of cyber-related data in support of Department of Defense (DoD) and Department of Homeland Security (DHS) missions. In addition, he …

Richard Laughlin

Richard Laughlin is an SEI alumni employee.

Software Engineering Institute