Toronto: Software Supply Chain Challenge: Not Ships and Ports, but SaaS and CyberCriminals

Description

According to a recent VMblog Software supply chain attacks grew by 4X in 2021 compared to last year, with more vulnerabilities and attacks discovered every month. According to ENISA's (the European Union Agency for Cybersecurity) mapping on emerging supply chain attacks finds 66% of attacks focus on the supplier's code and software supply chain, exploiting the trust that customers put in their suppliers to distribute their attacks or malware.

The massive effect of these attacks puts software companies on the attacker's priority list and requires them to bolster their security around their development environment to better protect their infrastructure and application. Security teams need to acquire the relevant knowledge and the cooperation of the development teams in order to define and execute an effective software supply chain security; a security strategy and tools that can provide real prevention against supply chain attacks before it reaches their customers' environments.

Join as we review this and discuss:

• Do risk questionnaires work?
• How do you account for OpenSource?
• Building out a security fabric of trust.

 George Gerchow, Chief Security Officer
As Sumo Logic's Chief Security Officer, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines. Mr. Gerchow has years of practical experience in building agile security, compliance and, purple teams in rapid development organizations. These insights make him a highly regarded speaker, and invited panelist on topics including DevSecOps, cloud secure architecture design, virtualization, compliance, configuration management, and operational security and compliance. George has been on the bleeding edge of public cloud security and privacy since being a co-founder of the VMware Center for Policy & Compliance. Mr. Gerchow is also an active Board Member for several technology start-ups and the co-author of the Center for Internet Security - Quick Start Cloud Infrastructure Benchmark v1.0.0 and the MISTI Fundamentals in Cloud Security. He is a Faculty Member for IANS - Institute of Applied Network Security and Cloud Academy.