Building Systems on Shaky Grounds - 10 Tactics to Manage the Modern Supply Chain

Explore a comprehensive conference talk that delves into 10 essential tactics for managing the modern software supply chain. Learn how to navigate the complexities of today's software engineering landscape, which heavily relies on open source and cloud ecosystems. Discover strategies to balance rapid development with security concerns as dependency trees expand and more vendors enter the picture. Gain insights into critical infrastructure considerations, red teaming exercises, vendor risk assessments, and threat modeling. Understand the importance of involving various teams, including marketing and sales, in the security process. Acquire practical knowledge on implementing software composition analysis tools, conducting code analysis, and establishing effective incident response protocols. This talk equips you with valuable techniques to enhance your organization's approach to supply chain management without sacrificing agility or introducing excessive friction.

Intro
Supply Chain
Value
Twitter
Open Source Libraries
Software Composition Analysis Tool
Code Analysis
Considerations
The Problem
Critical Infrastructure
Workers
Checking what youre building
Red teaming exercises
Red teaming tips
Marketing teams
Sales teams
Vendor risk assessments
Incident response
Priorities
Threat Modeling