Trust and Risk in the Software Supply Chain.pdf

1、Trust and Risk in the software supply chain Emmy EideDirector,Supply Chain SecurityProduct Security,Red Hat22022 State of the Software Supply Chain-SonatypeWhat is happening?Supply chain attacks are increasingWe are probably more vulnerable than we thinkF26173-2012113Security Tools and IdeasSecurity

2、 partnerships transform ideas to results Guidelines and ExpectationsSet forth ground rules(driven by policies as code)that engineers should be aware of up frontCoordinate ImplementationConsider development planning timelines,integration requirements,and maintenance upkeepTie it back to RiskBe able t

3、o articulate why IdM is important,what signing provides our customer,the risk of not scanning code and infrastructure throughout the supply chain.4P youRed Hat is the worlds leading provider of enterprise open source software solutions.Award-winning support,training,and consulting services make Red Hat a trusted adviser to the Fortune 500.