Hybrid event: Software Supply Chain associated risks and how they might be addressed

The numerous risks associated with the Software Supply Chain and how they might be addressed are highlighted.


Synopsis

Creating software is increasingly complex because it is increasingly built from components, frameworks and libraries supplied by third parties, who are often unknown. Significant improvements are required, as many of the recent security vulnerabilities that have impacted businesses originated from these hidden components.

The Log4Shell vulnerability in 2021 highlighted how little many organisations knew about how their software applications had been constructed. Increased transparency in the way software is constructed and managed is now the subject of growing interest across the world, with legislation now appearing in the US, EU and elsewhere in the world (although noticeably not yet in the UK!).

This will have some significant implications for product providers in the UK and lead to some new opportunities. With the increased use of AI in software-based products, the supply chain for software is about to get even more complex.

This talk will describe the software supply chain landscape and offer some insights into emerging solutions to manage the risk within software-based products more effectively.

About the speaker

Anthony Harrison

Anthony Harrison has been developing and delivering mission-critical applications for over 40 years.

The majority of his career has been spent with Thales (and its predecessor companies), working on various complex programs where he held various roles in software, systems and cyber engineering, as well as providing technical leadership for a number of programmers.

He is the Founder and Director of APH10, which helps organisations manage software risk more effectively. He has been developing open source software actively for a number of years; most recently, the applications have been related to supporting the software supply chain through utilities to generate and analyse software bills of materials (SBOMs).

He is an active member of a number of the industry forums looking at SBOMs, including OWASP, CycloneDX and SPDX. He has presented at various open source conferences, including FOSDEM, EuroPython, PyCascades, OW2 and StateofOpen and was a member of the panel at the NGI Forum 2023, which discussed Software Supply Chain Security.

He has been a mentor for the Google Summer of Code for the past three years via the Python Software Foundation.

Our events are for adults aged 16 years and over.

BCS is a membership organisation. If you enjoy this event, please consider joining BCS. You’ll be very welcome. You’ll receive access to many exclusive career development tools, an introduction to a thriving professional community and also help us Make IT Good For Society. Join BCS today

For overseas delegates who wish to attend the event, please note that BCS does not issue invitation letters.

COVID-19

BCS is following government guidelines, and we would ask attendees to continue to follow these guidelines:

England: https://www.nhs.uk/conditions/coronavirus-covid-19/ 

Scotland: https://www.gov.scot/coronavirus-covid-19/ 

Wales: https://www.gov.wales/coronavirus 

Northern Ireland: https://www.gov.uk/foreign-travel-advice/ireland 

This event is brought to you by: BCS Information Risk Management and Assurance (IRMA) specialist group and BCS Information Security specialist group

Hybrid event: Software Supply Chain associated risks and how they might be addressed
Date and time
Wednesday 28 February, 6:00pm - 8:00pm
Location
BCS, The Chartered Institute for IT
Ground Floor, 25 Copthall Avenue
London
EC2R 7BP
Price
This event is sold out