The Transparent Code Revolution: Ensuring Safety in Software Supply Chains

  • 6 May 2025
  • 6:45 PM - 8:45 PM
  • Seminar Room B1.2 (Basement 1), School of Economics/School of Computing & Information Systems 2, 90 Stamford Road, Singapore 178903






Synopsis


As software supply chains grow increasingly complex, ensuring transparency and security has never been more critical. The Transparent Code Revolution: Ensuring Safety in Software Supply Chains dives into the global push for software transparency and explores how initiatives like the Software Bill of Materials (SBOM) are shaping compliance and visibility across the development lifecycle.


This session will examine the real-world challenges organizations face in gaining visibility into their software components and why this lack of insight poses serious risks. It will also highlight best practices for vetting open source packages and the pivotal role of SBOMs in building secure foundations for risk management.


Attendees will gain practical knowledge on conducting vulnerability reachability analysis to identify potential attack paths and how artificial intelligence is accelerating the remediation of threats through automation and intelligent insights.


Whether you're a developer, security professional, or technology leader, this seminar will equip you with actionable strategies to enhance transparency, mitigate risks, and future-proof your software supply chain.



Topic Overview


  1. Global Initiatives for Transparency: Transparency in software development is essential for meeting global regulatory requirements, such as those mandating the disclosure of software components. Notably, initiatives like the Software Bill of Materials (SBOM) are central to ensuring compliance and fostering visibility within the supply chain.


  2. Challenges in Achieving Visibility: Organizations often face significant hurdles in achieving comprehensive visibility into the components of their software. These challenges can undermine effective risk management, making it difficult to mitigate potential vulnerabilities within the supply chain.


  3. Vetting Open Source Packages: The adoption of best practices for vetting open source packages is critical to ensuring the security and reliability of third-party components. Employing robust tools and methodologies allows organizations to assess the safety of these components more effectively.


  4. From SBOM Creation to Risk Mitigation: The creation of a Software Bill of Materials (SBOM) is a crucial step in enhancing visibility and enabling more accurate risk assessments. By documenting all software components, an SBOM provides a foundational tool for effective risk mitigation.


  5. Vulnerability Reachability Analysis: Vulnerability reachability analysis is an essential technique for identifying potential attack vectors. This analysis helps to pinpoint and address supply chain risks before they can be exploited.


  6. Leveraging AI for Vulnerability Remediation: Artificial intelligence is playing an increasingly important role in automating the detection and remediation of vulnerabilities. Successful use cases illustrate how AI-driven solutions can significantly reduce supply chain risks by swiftly identifying and addressing security threats.


This presentation will explore these key areas in detail, providing practical insights into how transparency and technology can transform the safety of software supply chains.


Register now to secure your spot!




Agenda


6:45 PM - 7:20 PM - Registration, light dinner & networking


7:20 PM - 7:30 PM - Welcome & introduction of agenda and speaker


7:30 PM - 8:30 PM - The Transparent Code Revolution: Ensuring Safety in Software Supply Chains


8:30 PM - 8:45 PM - Q&A & wrap-up by ISC2 President




About the Speaker



Daniel Chernov, CEO of DerScanner


Daniel Chernov has a wealth of expertise in cybersecurity. With a degree in cybersecurity, Daniel began his career as a cybersecurity consultant, earning prestigious global certifications such as Certified Information Systems Auditor (CISA) from ISACA and Certified Information Systems Security Professional (CISSP) from ISC2. His extensive experience includes conducting cybersecurity audits, including ISO 27001 evaluations, and assessing technical security for companies across the United States, Europe, the Middle East, and the APAC region. For the past decade, Daniel has been dedicated to evolving DerScanner's application security testing platform, leveraging best-of-breed technology to enhance the security of customer applications.


https://www.linkedin.com/in/daniel-chernov-cisa-cissp-00a8101b/






This is a DerScanner-sponsored chapter professional development event, thus 1.5 CPE hours will be available for your CPE submission. To facilitate submission of CPE points on your behalf by the local chapter, please identify yourself clearly with your ISC2 membership number and your full name when you sign up or during registration onsite.



Notes:

1) As spaces are limited, if you cannot attend after registering, please cancel your registration or email info@isc2chapter.sg at least 2 business days before the event.


2) For ISC2 members residing in Singapore who are not yet members of our local Singapore Chapter, please sign up with us through our ISC2 Singapore Chapter website under "Membership - Join us":

 - https://www.isc2chapter.sg/join-us


Membership Rates:
Professional Member: $50/year
Associate Member (Non-credential holders): $30/year
Student Member: $10/year


© Copyright 2025. ISC2 Singapore Chapter. All Rights Reserved.
