Trusting Your Open-Source Software Supplier - Ross Bryant, Phylum


The landscape of open-source software utilization within the public sector has changed substantially over the last few years, as have the landscape and security concerns surrounding open-source software (OSS) itself. This presentation covers some of the fundamental challenges associated with mapping OSS utilization to current policies and controls. You'll learn best practices for complying with recent updates to the NIST SSDF and SP 800-161, as well as the new directives around Software Bills of Materials (SBOMs), as they apply to the open-source components of the software supply chain: from suppliers to artifacts, including packages, containers, and the myriad OSS tools, extensions and plugins leveraged throughout the SDLC. Additionally, this presentation examines the fundamental security model that OSS represents, its constituent components and its evolving attack surface. You'll also hear commentary on how threat actors and their Tactics, Techniques, and Procedures (TTPs) have evolved over the last few years within the microcosm of OSS, and learn how current controls need to shift in order to address this new area of exposure.