About the Webinar
The increasingly global nature of software development has raised concerns that global supply chains could be compromised, allowing malicious code to be inserted into a delivered software product during development, or enabling a compromised product to be substituted during delivery or installation. However, the intentional exploitation of software vulnerabilities inadvertently introduced during development continues to be the most attractive means of attack. Each step in a supply chain can be a source of such vulnerabilities, and increased assurance for the final product requires the consistent application, throughout the supply chain, of development techniques demonstrated to reduce the likelihood of vulnerabilities.

Commercial firms and state and federal government agencies that acquire software have shifted responsibility for software assurance to the software contractors, integration contractors, and software product vendors that participate in the corresponding supply chain. In these instances, software assurance cannot be improved until effective techniques for reducing vulnerabilities are incorporated into the software supply chain.
This webinar will discuss an ongoing SEI effort to develop an approach for assessing software supply chains and identifying the associated software assurance risks.
About the Speakers
Bob Ellison is a senior member of the technical staff of the CERT program at the SEI. He is currently the technical leader of a project funded by the Department of Homeland Security (DHS) on supply-chain risks. He participated in the design and development of the DHS Build-Security-In website and continues to contribute articles to it. His recent work includes the development of the Survivability Analysis Framework, which considers the effects of security threats on complex operational business processes. He coauthored the book Software Security Engineering: A Guide for Project Managers, which was published by Addison-Wesley in 2008.
This presentation is related to the following area(s) of work: Security and Survivability
Published: June 2010