Third Party Software Assessments for Modern Development presented at SupplyChainCybersecuritySummit 2019

by Chris Wysopal

Summary: Software is no longer delivered on a CD-ROM with occasional updates. Software delivery has become a continuous process for SaaS, mobile and desktop apps. So what value does a point-in-time assessment have for understanding the risk accepted by software users? Software assessments must become continuous and process-based. There is also a need to balance the transparency desired by software users with the needs of vendors to be effective in software delivery and maintenance. We need continuous assessment with the right level of transparency to keep up with our rapidly changing and deeply nested software supply chains.