DOES US 2021 has ended
Tuesday, October 5 • 1:50pm - 2:20pm
Thinking Upstream About White House Cybersecurity Executive Order 14028

In recent years, we have seen an increase in the number of catastrophic supply chain attacks in both open source software (such as with event-stream and recent dependency confusion vulnerabilities) and in the proprietary software world (with the SolarWinds and Hafnium exploits).

Dealing with open source supply chain attacks can be particularly daunting due to the simple fact that rather than working with a single supplier (like SolarWinds), there can be dozens of suppliers (open source maintainers with commit privileges) for a single component. This means that your open source supply chain can include thousands of discrete suppliers when you consider that at least 70% of the code that makes up the average modern application is open source. To manage open source effectively, you need to have a strategy to address at scale a wide array of potential attack vectors and software maintenance issues.

In this presentation, Tidelift CEO Donald Fischer will give application development leaders a frank assessment of the current state of software supply chain security, including an overview of common vulnerability types and an analysis of recent US government policy designed to secure the software supply chain. He’ll then share the best practices top organizations are using for open source software supply chain management and governance today, along with a set of immediately actionable recommendations organizations can implement as part of a comprehensive strategy for managing open source health and security.

Speakers
Donald Fischer

CEO and Co-founder, Tidelift
Donald Fischer is co-founder and CEO of Tidelift. Previously he was a venture partner at General Catalyst, a member of the investment team at Greylock Partners, and an executive at Typesafe (now Lightbend) and Red Hat. He holds a BS in Economics and Computer Science from Yale University...


Tuesday October 5, 2021 1:50pm - 2:20pm CDT
Track 1