Anthony Harrison, APH10

Anthony Harrison

The supply chain for software-based products is large and increasingly complex. With growing regulation requiring enhanced transparency of the supply chain, what are the best practices to ensure that this can be achieved? 

The use of the software supply chain within a secure development lifecycle starts with the initial statement of requirements, through procurement, and development all the way through to deployment, support, and disposal. A key part of this is the procurement process and it is essential that the procurement process protects organisations and customers from the risks originating from within the software supply chain. 

This presentation identifies the key risks which exist within the software supply chain and proposes solutions to mitigate the risks to an acceptable level, including: 

  • The need for greater transparency to provide a clear picture of what is being acquired 
  • How to perform an effective due diligence on suppliers to ensure that expectations are understood by all parties 
  • The importance of relationships and partnerships within the supply chain 
  • The approach to be followed to ensure effective oversight of the supply chain is performed to manage the evolving risk landscape 
anthony-harrison-Empower

Open Source Security Foundation

Print This Page Print This Page