Implementing a Supply Chain Approach to Build and Deploy Secure Applications - AppSecEU 2016
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore a comprehensive conference talk from AppSecEU 2016 in Rome that delves into implementing a supply chain approach for building and maintaining trust in software development. Learn about the Jenkins vulnerability, its mitigation, and the broader implications for software security. Discover the importance of central repositories, MITRE and Verizon databases, and compound risks in the software supply chain. Gain insights into prevention strategies, including compliance standards like PCI DSS, and the concept of transitive dependencies. Examine the software delivery pipeline, emphasizing standardization, catalog control points, and automation. Understand the Onion Model of Testing, Rugged Software Factory principles, and the significance of a Bill of Materials. Explore reverse engineering techniques, leadership in security, and test-driven development practices. Access valuable references for scaling secure software development processes.
Syllabus
Introduction
Ikkas background
Jenkins vulnerability
Jenkins mitigation
How many Jenkins instances
What is the real cause
Main Central Repository
MITRE Database
Verizon Database
Compound risks
How to prevent this
Standards
PCI DSS
Compliance Ease Security
Supply Chains
Deming
Transitive dependencies
Control the quality of your suppliers
Software delivery pipeline
Missing component
Standardization
Catalog Control Point
Leverage Automation
Onion Model of Testing
Security
Rugged Software Factory
Bill of Materials
Reverse Engineering
Leadership
Test-driven development
References
Scaling
Taught by
OWASP Foundation