Despite the dramatic rise in software supply chain attacks, many organizations’ security controls still struggle to keep up with this pervasive threat. According to our recent survey, over 32% of organizations continue to implicitly trust open source language repositories.
The problem lies in the fact that development teams are under pressure to deliver new features, often at the expense of security practices. Teams that choose to vendor their open source dependencies are on the right track, but the practice of dependency vendoring often proves to be time-consuming, labor intensive, and unscalable.
Sound familiar? In this webinar for DevOps and security leaders, we discuss how to improve both security and development speed in your software supply chain. We’ll cover:
- The state of software supply chain security
- Pros and cons of dependency vendoring
- SLSA, a cross-industry framework for building software securely, originally proposed by Google
- How a secure build service can cost-effectively ensure the security and integrity of the open source dependencies your development teams require
Learn how to implement supply chain security best practices in the emerging SLSA standard without having to build it all from scratch.
Presenters:
Shaun Lowry, Language Engineering Team Lead at ActiveState
Shaun Lowry has been building other people's code for over 25 years. He has been building it for everything from a 3-man startup to multi-billion dollar enterprises and has seen it break in every conceivable way in a multitude of languages, frameworks and tools. He's worked porting other people's code across a variety of operating systems, developing security software, consulting on security, writing about security and now he's bringing it all together at ActiveState building a secure software supply chain for open source.
Dana Crane, Product Marketing Manager, ActiveState
With 25+ years in the software industry, Dana has both crossed and fallen into the chasm as a Product Marketer and Product Manager. When not playing basketball or writing blogs, his time is split between making products easier to use and easier to understand.