{"title":"实力、信任与和谐:软件供应链安全的挑战与机遇","authors":"T. Rosen","doi":"10.1145/3560835.3563444","DOIUrl":null,"url":null,"abstract":"As we think about enhancing software supply chain security, what does the landscape of threats and opportunities look like? What are useful ways for framing the problem, and how does the industry view the challenge? Where do responsibilities lie? Who has the power to make positive changes or to act with malice? And most importantly, what are the roles and responsibilities of industry, academia, government, and the open source community at large? In this keynote, industry veteran Trevor Rosen will offer some answers to these questions borne from his time at the center of the SolarWinds/SUNBURST breach and his experience in standing up a new supply chain integrity practice at GitHub. You can expect to hear some war stories, some strong opinions, and to walk away inspired to join hands with colleagues from all over the technical landscape to solve a huge (but tractable!) problem in information security.","PeriodicalId":208151,"journal":{"name":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Strength, Trust, and Harmony: The Challenges and Opportunities of Software Supply Chain Security\",\"authors\":\"T. Rosen\",\"doi\":\"10.1145/3560835.3563444\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As we think about enhancing software supply chain security, what does the landscape of threats and opportunities look like? What are useful ways for framing the problem, and how does the industry view the challenge? Where do responsibilities lie? Who has the power to make positive changes or to act with malice? And most importantly, what are the roles and responsibilities of industry, academia, government, and the open source community at large? In this keynote, industry veteran Trevor Rosen will offer some answers to these questions borne from his time at the center of the SolarWinds/SUNBURST breach and his experience in standing up a new supply chain integrity practice at GitHub. You can expect to hear some war stories, some strong opinions, and to walk away inspired to join hands with colleagues from all over the technical landscape to solve a huge (but tractable!) problem in information security.\",\"PeriodicalId\":208151,\"journal\":{\"name\":\"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-11-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3560835.3563444\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3560835.3563444","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Strength, Trust, and Harmony: The Challenges and Opportunities of Software Supply Chain Security
As we think about enhancing software supply chain security, what does the landscape of threats and opportunities look like? What are useful ways for framing the problem, and how does the industry view the challenge? Where do responsibilities lie? Who has the power to make positive changes or to act with malice? And most importantly, what are the roles and responsibilities of industry, academia, government, and the open source community at large? In this keynote, industry veteran Trevor Rosen will offer some answers to these questions borne from his time at the center of the SolarWinds/SUNBURST breach and his experience in standing up a new supply chain integrity practice at GitHub. You can expect to hear some war stories, some strong opinions, and to walk away inspired to join hands with colleagues from all over the technical landscape to solve a huge (but tractable!) problem in information security.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
