Attacks like those targeting SolarWinds and 3CX have prompted calls for software producers to develop their applications with security in mind.
However, cybercriminals and state-backed hacking crews won’t wait for that to happen, and businesses can’t wait to use their commercial software either.
As such, we need to consider all the roles that participate in the supply chain, from development to procurement. That way, we can begin to manage this risk even when the software we rely on isn’t always secure by design.
However, securing software supply chains is no simple task.
Fortunately, a new book charts out a path for organizations to broadly identify cybersecurity risks and lock down development and procurement pipelines. In the latest edition of the RL Book Club Series, host Paul Roberts interviews Cassie Crossley, the Vice President of Supply Chain Security at Schneider Electric about her new book from O’Reilly: Software Supply Chain Security.
Key discussion points:
✓ The rapidly evolving threat environment of software supply chain attacks
✓ Where the weakest links are in organization’s software supply chain
✓ How software producers can assemble the building blocks for a robust software supply chain security program
✓ Why it is essential for software buyers to evaluate third-party risk in the supply chain
Ten lucky attendees will be chosen to receive a copy of Cassie Crossley's book, Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Hardware, and Firmware
About Cassie Crossley
Cassie Crossley, Vice President, Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development. She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy. Cassie has designed frameworks and operating models for end-to-end security in software development lifecycles, third party risk management, cybersecurity governance, and cybersecurity initiatives.