📢 Beyond the Code: Securing Your Software Supply Chain

I’m thrilled to announce that I’ll be delivering a two-day comprehensive training program on Supply Chain Security at c0c0n 2023!

👩‍💻 What is a Software Supply Chain? It’s a holistic ecosystem, going far beyond just your own code. It comprises all the people, code, systems, and processes that contribute to the development and delivery of software. (Google has done a fantastic job describing it here https://cloud.google.com/software-supply-chain-security/docs/overview )

🛡 Why Supply Chain Security? Securing every touchpoint in this complex ecosystem is critical. It’s about more than just the Software Bill of Materials (SBOM); it extends to every stage of development and implementation.

🎯 Who Should Attend? If you’re in software development or interested in the software development life cycle, this training is for you.

📝 Course Content:

Day One: Understanding and Attacking Software Supply Chains
- Introduction to Software Supply Chain
- Supply Chain Beyond Code Dependencies
- Attacking Development Environments
- Attacking Code Repositories
- Attacking Dependencies and Package Management
- Attacking CICD Pipeline
- Attacking Container and Virtualization Environments
- Mapping the Attacks to MITRE ATT&CK

Day Two: Defending Software Supply Chains
- Introduction to Defense Strategies: SLSA and NIST SSDF
- Securing Development Environments
- Securing Code Repositories
- Secure Package Management and Dependency Security
- Secure CICD Pipeline
- Secure Container and Virtualisation Environments

👉 Registration is Now Open: https://india.c0c0n.org/2023/registration

🚨 Limited seats available, so secure your spot now!

I look forward to seeing you at c0c0n 2023 and delving into the critical subject of Supply Chain Security!