3rd Party Applications – A Supply Chain Security Nightmare presented at SourceDublin 2015

by Matt Bartoldus

Summary: This talk discusses why there is a need for both technical and process-related assurance activities when deploying software and systems from a 3rd party vendor. It goes through the traditional processes used for 3rd party assessments and why these present challenges in terms of acquiring the right level of assurance.
It then dives into the ‘nightmares’ of achieving security assurance. The talk wraps up with ideas for helping address the challenges in achieving the right level of assurance around 3rd party systems and applications.