Best Practices for How to Identify and Rectify Software Supply Chain Vulnerabilities Quickly and Efficiently

The upcoming hybrid event, “Securing the Software Supply Chain with Human Performance and Interoperability,” will take place in person and online on Monday, March 20, 2023, beginning at 8:00 AM Eastern Standard Time at the Central Florida Tech Grove in Orlando, Florida.

In the wake of recent events and the memorandums like Executive Order (EO) 14028, NIST SP 800-218 SSDF, and the National Cyber Security Strategy from the White House, more questions are rising around these topics. During this one-day event, leaders will discuss open-source vulnerability management, compliance, and how to move to a minimum standard of care for securing software supply chains, vital to interoperability initiatives.

Register to join in person or online here: https://ibm.webcasts.com/starthere.jsp?ei=1597923&tp_key=bcaad926a1

Marc Andreessen’s publication, “Why Software is Eating the World,” describes how code has changed our world as we know it. Software is pivotal to fueling digital and social transformation. Yet, 75% of software projects fail in both budget by 46% and schedule 82%. Firms began using open-source software (OSS) for the speed, cost, and belief that many collaborators would be more efficient and secure—in fact, open-source software makes up 90% of most modern applications. This has created a vulnerability for all of us. There has been an astonishing 742% average annual increase in software supply chain attacks each year over the past three years. Quality experts including Juran and Deming stress that the vast majority (85 to 94%) of the time, the answer is found in that the processes are not up to the task of handling all the variations, and as a result, customer expectations are not met.

Section 4 of Presidential Executive Order 14028 on Improving the Nation’s Cybersecurity describes new requirements for “Enhancing Software Supply Chain Security.” It calls for transparency and controls to resist and prevent software supply chain vulnerabilities and malicious attacks. This includes the requirement for the creation of a Software Bill of Material (SBOM) for all applications, and the deployment of automated tools that check for known and potential vulnerabilities for remediation and monitoring. Many agencies have not updated their vulnerability management technology or software. Without a blueprint and process of their software supply chain, government agencies and integrators lack visibility and a decision support system to identify exploitive vulnerabilities and the ability to then rectify them.  This liability of negligence, incompetence, and misconduct is significant.

The Biden Administration has also released a new National Cybersecurity Strategy that calls on its allies, partners, and the private sector, to build and mature a digital ecosystem that is more resilient against cyber-attacks and better serves society. Most notably, the strategy is composed of two main fundamental shifts in how the United States will allocate roles, responsibilities, and resources in cyberspace:  A call for cybersecurity liability and holding software providers responsible and aligning incentives to favor long-term investments in cybersecurity. These strategies pave the way for Global legislation.

At this session, you will learn about best practices for how to identify and rectify software supply chain vulnerabilities quickly and efficiently. With the Executive Order 14028 requiring a minimum standard of care that includes itemizing the Software Bill of Materials, we can begin our journey to better outcomes. Live labs and demonstrations will be available.

Guest Speakers includes:

Dr. Waldemar Karwowski – Pegasus Professor and Chairman, Department of Industrial Engineering and Management Systems, University of Central Florida.

Dr. Jeff Daniels – Director of Business Transformation & Systems Modernization at Lockheed Martin Corporation

Brian Fox – Founder of Apache Maven, Founder and CTO of Sonatype

Ademola Adejokun – Cyber System Security Engineer with Lockheed Martin Aeronautics Company.

Carol Ann Dykes Logue leading Economic development – Director, Programs & Operations Innovation Districts & Incubation Program – UCF Research Foundation’s Senior Leader for the Central Florida Tech Grove

Harry Donaghy, IBM Engineering Life-Cycle Management

We hope you’ll join us on March 20 for this exciting event! It’s the perfect opportunity to learn more about securing software supply chains, connect with other professionals, and further your tech career. We look forward to seeing you there!