Securing the Software Supply Chain, presented at OWASP AppSec California 2014

by John Weinschenk

Summary: In today’s digitally connected world, organizations must work with multiple partners across their lines of business. As these partners are allowed to connect into the parent networks, the risk of propagating a vulnerability from a partner into parent networks increases. Cybercriminals are looking to exploit the holes in the partner and supply chain networks to steal corporate information and valuable data from parent networks. As these targeted attacks can be a substantial risk to organizations along the breadth of the supply chain, software security experts have been working to find a more permanent way to ensure the integrity of the software supply chain.
In this presentation, Cenzic’s CEO John Weinschenk will discuss the software supply chain domain, and the potential checks and balances that could enable companies to ensure the “chain of custody” as the applications connect across multiple networks. John will discuss methods for securing code as it is passed between organizations, and methods for improving the software development process so that vulnerabilities are less likely to be introduced.