US cyber departments issue software supply chain security guidance

Three cyber-focused departments have this week released the last part of a three-part joint guidance on securing the software supply chain.

Everything You Wanted to Know About Securing the Software Supply Chain but Were Afraid to Ask

– sponsored by Cloudsmith

From the history of supply chain security threats to security development and deployment we will cover everything you’ve always wanted to know about the software supply chain but were afraid to ask. Join Dan Lorenc, Founder/CEO, Chainguard, Paddy Carey, Senior Staff Engineer, Cloudsmith, Adil Leghari, Solutions Architect Manager, Cloudsmith and Dan McKinney, Developer Relations, Cloudsmith, for a fireside chat covering your most burning questions:

– What got us here? Types of attacks – availability, dependencies, development tools, and more.
– What’s being done? A look at OSS projects and initiatives that were born out of the SSC security need.
– Why is this a hard problem? Software supply chain challenges and considerations.
– What are we doing, and how can you help? What have Cloudsmith & ChainGuard been working on to make these issues easier to tackle, and what can you and your organization do to help.

Taking Control of Cyber-Supply Chain Security

Allan Friedman, Director of Cybersecurity, NTIA / US Department of Commerce
Beau Woods, Cyber Safety Advocate, I Am The Cavalry

Software has eaten the world, and its supply chain gives us heartburn. This presentation will outline a framework for understanding supply chain risks, provide concrete recommendations for policy makers and company executives based on real-world examples, and give an overview of the emerging best practice around ‘Software Bill of Materials’.

EPRI Cyber Security in the Supply Chain Guidance

This is a video brief that introduces EPRI Technical Report 3002012753, Cyber Security in the Supply Chain, Cyber Security Procurement Methodology, Revision 2.

New Guidelines for Enhancing Software Supply Chain Security Under EO 14028

Jon Boyens, Deputy Chief, National Institute of Standards and Technology (NIST)
Cherilyn Pascoe, Senior Technology Policy Advisor, National Institute of Standards and Technology (NIST)

This session will review new guidelines under EO 14028. The National Institute of Standards and Technology, in consultation with industry and other Federal agencies, is completing standards and guidelines updates and new software supply chain security requirements affecting software acquisition. The initiatives apply to the full Federal software supply chain, including consumer software and IoT devices.