
Synopsis
As software supply chains grow increasingly complex, ensuring transparency and security has never been more critical. The Transparent Code Revolution: Ensuring Safety in Software Supply Chains dives into the global push for software transparency and explores how initiatives like the Software Bill of Materials (SBOM) are shaping compliance and visibility across the development lifecycle.
This session will examine the real-world challenges organizations face in gaining visibility into their software components and why this lack of insight poses serious risks. It will also highlight best practices for vetting open source packages and the pivotal role of SBOMs in building secure foundations for risk management.
Attendees will gain practical knowledge on conducting vulnerability reachability analysis to identify potential attack paths and how artificial intelligence is accelerating the remediation of threats through automation and intelligent insights.
Whether you're a developer, security professional, or technology leader, this seminar will equip you with actionable strategies to enhance transparency, mitigate risks, and future-proof your software supply chain.
Topic Overview
- Global Initiatives for Transparency: Transparency in software development is essential for meeting global regulatory requirements, such as those mandating the disclosure of software components. Notably, initiatives like the Software Bill of Materials (SBOM) are central to ensuring compliance and fostering visibility within the supply chain.
- Challenges in Achieving Visibility: Organizations often face significant hurdles in achieving comprehensive visibility into the components of their software. These challenges can undermine effective risk management, making it difficult to mitigate potential vulnerabilities within the supply chain.
- Vetting Open Source Packages: The adoption of best practices for vetting open source packages is critical to ensuring the security and reliability of third-party components. Employing robust tools and methodologies allows organizations to assess the safety of these components more effectively.
- From SBOM Creation to Risk Mitigation: The creation of a Software Bill of Materials (SBOM) is a crucial step in enhancing visibility and enabling more accurate risk assessments. By documenting all software components, an SBOM provides a foundational tool for effective risk mitigation.
- Vulnerability Reachability Analysis: Vulnerability reachability analysis is an essential technique for identifying potential attack vectors. This analysis helps to pinpoint and address supply chain risks before they can be exploited.
- Leveraging AI for Vulnerability Remediation: Artificial intelligence is playing an increasingly important role in automating the detection and remediation of vulnerabilities. Successful use cases illustrate how AI-driven solutions can significantly reduce supply chain risks by swiftly identifying and addressing security threats.
This presentation will explore these key areas in detail, providing practical insights into how transparency and technology can transform the safety of software supply chains.
Register now to secure your spot!
Agenda
6:45PM - 7:20PM - Registration, light dinner & networking
7:20PM - 7:30PM - Welcome & Introduction of Agenda and Speaker
7:30PM - 8:30PM - The Transparent Code Revolution: Ensuring Safety in Software Supply Chains
8:30PM - 8:45PM - Q&A & Wrap-Up by ISC2 President
About the Speaker
Daniel Chernov, CEO of DerScanner
Daniel Chernov has a wealth of expertise in cybersecurity. With a degree in cybersecurity, Daniel began his career as a cybersecurity consultant, earning prestigious global certifications such as Certified Information Systems Auditor (CISA) from ISACA and Certified Information Systems Security Professional (CISSP) from ISC2. His extensive experience includes conducting cybersecurity audits, among them ISO 27001 evaluations, and assessing technical security for companies across the United States, Europe, the Middle East, and the APAC region. For the past decade, Daniel has been dedicated to evolving DerScanner's application security testing platform, leveraging best-of-breed technology to enhance the security of customer applications.
https://www.linkedin.com/in/daniel-chernov-cisa-cissp-00a8101b/
Additional info about the Venue
Attendees can choose to:
- Self-register your visit before arriving (not more than 48 hours ahead) via https://vms.smu.edu.sg/selfregistration.aspx. Upon successful registration, you will receive an email notification with a visitor QR code, which you scan at the scanner in the designated visitor lane to enter the building. Likewise, you will use the QR code to exit the building.
OR
- Inform security of the name of the event and the room you are going to. They will give you a sticker and open the turnstile for entry. Likewise for exit, without the QR code you will have to ask security to open the turnstile. Without the QR code, this means you would have to wait for the security officer if he/she steps out for patrol or to use the washroom.
Venue:
Seminar Room B1.2 (Basement 1) of Singapore Management University (SMU)
School of Economics/School of Computing & Information Systems 2
90 Stamford Road, Singapore 178903
Parking: see the SMU Carpark Information page or Google Maps.
Public Transport:
The nearest MRT stations are City Hall Station (Red Line) and Bras Basah Station (Circle Line). You may also take a 10-minute walk from Bencoolen Station (Downtown Line).
Bus Service: Lee Kong Chian School of Business: 130, 133, 145, 197, 851, 851e, 960, 960e
************************************************************************************
This is a DerScanner-sponsored chapter professional development event, thus 1.5 CPE hours will be available for your CPE submission. To facilitate submission of CPE points on your behalf by the local chapter - please identify yourself clearly with <ISC2 membership number> + your full name when you sign up or during registration onsite.
Notes:
1) As spaces are limited, if you cannot attend after registering, please cancel your registration or email info@isc2chapter.sg at least 2 business days before the event.
2) For ISC2 members residing in Singapore who are not yet members of our local Singapore Chapter, please sign up with us through our ISC2 Singapore Chapter website under "Membership-Join us": https://www.isc2chapter.sg/join-us
Membership Rates:
Professional Member: $50/year
Associate Member (Non-credential holders): $30/year
Student Member: $10/year