This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Friday, July 1 • 10:20 - 11:05
A chain of trust: How to implement a supply chain approach to build and launch that rocket

Sign up or log in to save this to your schedule and see who's attending!

A new entrant to the OWASP Top 10 2013 ranking was A9 - Using components with Known vulnerabilities. Increasingly, the compromise point of an application has not been due to code that has originated in house, the 2015 Data Breach Investigations Report states 97% of attack mediums can be traced to 10 CVES. Standards like PCI-DSS call for auditing and constant monitoring of the status of these components, but often this leads to controls outside the realm of what is scaleable. Luckily, security of can be and is a developer choice as much as a process. In this session we talk through what can be done to implement a process that helps lower compound risk from 3rd party suppliers as early in the software lifecycle as is possible, and how to help facilitate security as a part of the DevOps culture

avatar for Ilkka Turunen

Ilkka Turunen

SE, Sonatype
Ilkka Turunen is a Solutions Architect working at Sonatype in Europe and Asia. His background is in software and systems engineering, acting as an architect for several commercial projects. He's helped define everything from the software design to web-scale infrastructure architectures and regularly works with companies across the world to understand and improve their software supply chain and continuous delivery pipelines.

Friday July 1, 2016 10:20 - 11:05
Room A (Michelangelo Ballroom Sect. 3)

Attendees (15)