Expecting Secure, High-Quality Software: Mitigating Risks throughout the Lifecycle
Speaker: Joe Jarzombek, Director for Government, Aerospace and Defense Programs, SynopsysPresented live on September 10, 2018 As the cyber threat landscape evolves and external dependencies grow more complex, managing risk in the supply chain must focus on the entire lifecycle. The Internet of Things (IoT) is contributing to a massive proliferation of a variety of types of software-reliant, connected devices throughout critical infrastructure sectors. With IoT increasingly dependent upon third-party software of unknown provenance and pedigree, software composition analysis and other forms of testing are needed to determine ‘fitness for use’ and trustworthiness. Application vulnerability management should leverage automated means for detecting weaknesses and vulnerabilities. Addressing software supply chain dependencies enables enterprises to harden their attack surface by: comprehensively identifying exploitable components and providing more responsive mitigations. Security automation tools and services, and testing and certification programs now provide means upon which organizations can use to reduce risk exposures attributable to exploitable software in IoT devices. Attendees will learn:
- How external dependencies create risks throughout the IoT/software supply chain;
- How software composition, static code analysis, fuzzing, and other forms of testing can be used to determine weaknesses and vulnerabilities that represent vectors for attack and exploitation;
- How testing can support procurement and enterprise risk management to reduce risk exposures attributable to exploitable software in IoT devices.