Software supply chains, composed of diverse tools, dependencies, and collaborative workflows, have become critical targets for malicious actors. Attackers exploit vulnerabilities in open-source components, CI/CD pipelines, and automated engineering processes, exposing organizations to significant risks. Resilience in this context demands a shift from reactive defenses to proactive strategies that integrate security directly into engineering workflows, ensuring vulnerabilities are addressed before they can be exploited.
From this track
Trust No One: Securing the Modern Software Supply Chain with Zero Trust
Can you truly trust your software supply chain? As cloud-native software development surges, threat actors increasingly target the supply chain, exploiting vulnerabilities in CI/CD pipelines, dependencies, and container images.
Emma Yuan Fang
Senior Cloud Security Architect @EPAM, DevSecOps, Cloud Security Advocate, Strategist and Public Speaker, Ex-Microsoft, CISSP
Secure by Design: Building Security into Engineering Workflows and Teams
Security doesn't have to be a blocker; it can be an enabler. In this session, we’ll explore how to seamlessly integrate secure development practices into engineering workflows while fostering a culture of collaboration and shared ownership.
Stefania Chaplin
Solutions Architect @GitLab
Securing AI Copilots: Including Supply Chain Security in AI Strategy
Details coming soon.
Andra Lezza
Principal Application Security Engineer @Sage, Co-Leader OWASP London Chapter, and ex-Checkout.com, Bulb, and Worldpay
Track Host
Sonya Moisset
Staff Security Advocate @Snyk