IEEE Secure Development Conference

October 18 - 20, 2021
Virtual Conference

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy



Posted on: October 4th, 2021 by SecDev
Panel: Understanding and Mitigating Software Supply Chain Security Risks

Moderator: Santiago Torres Arias, Purdue University
  • Dan Lorenc, Software Engineer, Google
  • Aeva Black, Open Source Hacker, Azure Office of the CTO
  • Asra Ali, Software Engineer, Google
  • Luke Hinds, Security Lead, Office of the CTO, Red Hat

Abstract: Since the SolarWinds compromise, software supply chain compromises have received widespread visibility. In response, initiatives from industry, academia, and even government have attempted to lay the groundwork for mitigating their impact and recurrence. However, although their prevalence is on the rise, their insidious nature is still poorly understood, and as a result the current solutions fall short of solving the problem. To further complicate matters, mitigating supply chain attacks requires coordination across multiple ecosystems and disciplines, which raises technical, theoretical, and operational challenges.

This panel will focus on bringing forth the current state of affairs, state of the art, and future work in software supply chain security. The discussion will be centered on outlining the latest supply chain attacks, as well as mapping the landscape of technologies and tools designed to mitigate them. Finally, the panel will describe the current challenges, open questions, and opportunity areas to direct future research in the space.