When approaching software supply chain security, managing the risk related to open source usage has always been the very first consideration for builders of applications.
Several notable vulnerabilities, such as Apache Struts and Log4j justify that consideration, demonstrating just how widespread the downstream impacts can be.
However, managing open source risk gets increasingly difficult the more ubiquitous it becomes, and organizations become more complacent as they focus on hardening other nodes of their software supply chain.
Join us as we elevate the conversation beyond tool implementation, and discuss the importance of installing an open source risk management program in order to protect your organisations, and your consumers, from supply chain threats.
We will discuss:
- Implications of open source risk
- Obstacles to effectively managing open source risk
- The necessary people, processes, and tools to overcome those obstacles
Speaker: Mike McGuire, Synopsy
Mike McGuire is a product marketing manager at Synopsys where he is focused mainly on the Black Duck software composition analysis tools and audit services.
After beginning his career as a software engineer, Mike transitioned into product management and marketing roles, as he enjoyed interfacing with the buyers and users of the products he worked on.
Leveraging several years of development experience, Mike enjoys connecting the market’s complex AppSec problems with Synopsys’ comprehensive solutions.