Supply chain security has become a massive talking point across the software industry over the last several years, from open source communities all the way to government circles and regulated industries. Unfortunately, the problem space is complex: it encompasses several dozen distinct threat vectors at different points of the development lifecycle, each of which requires its own fix.
This talk will cover the state of software supply chain security over the last 40 years. Attendees will learn how to detangle the mess of related but distinct problems that are facing the industry, and how open source fits in and plays a critical role. The talk will also cover new techniques for mitigating and protecting against these threats, in both open source and proprietary software development environments.