SCRM and Supply Chain Security Up and Down the Stack – Steve Orrin – BTS #11
Supply chain threats, together with industry and government initiatives such as EO 14028, are driving a deeper understanding of supply chain risk management (SCRM) and a set of requirements for applying it, along with increased transparency (e.g. SBOMs), across the software ecosystem up and down the stack. Platform and system firmware present unique challenges for supply chain assurance at the deepest layers of the stack.
Segment Resources:
ESF: Securing the Software Supply Chain for Customers https://media.defense.gov/2022/Nov/17/2003116444/-1/-1/0/ESFSECURINGTHESOFTWARESUPPLYCHAINCUSTOMER_SLICKSHEET.PDF
ESF: Securing the Software Supply Chain for Suppliers https://media.defense.gov/2022/Oct/31/2003105572/-1/-1/0/ESFSECURINGTHESOFTWARESUPPLYCHAINSUPPLIERS_SLICKSHEET.PDF
ESF: Securing the Software Supply Chain for Developers https://media.defense.gov/2022/Sep/01/2003068942/-1/-1/0/ESFSECURINGTHESOFTWARESUPPLYCHAINDEVELOPERS.PDF
CISA SBOM Site https://www.cisa.gov/sbom
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Guest
Steve Orrin is Intel's Federal CTO and a Senior Principal Engineer. He leads Public Sector Solution Architecture, Strategy, and Technology Engagements, and has held technology leadership positions at Intel where he led cybersecurity programs, products, and strategy. Steve was previously CSO of Sarvega, CTO of Sanctum, CTO and co-founder of LockStar, and CTO of SynData Technologies. He is a recognized expert and frequent lecturer on enterprise security. He was named one of InfoWorld's Top 25 CTOs, received Executive Mosaic's Top CTO Executives Award, was named one of Washington Exec's Top Chief Technology Officers to Watch in 2023, served as Vice-Chair of the NSITC/IDESG Security Committee, and was a Guest Researcher at NIST's National Cybersecurity Center of Excellence (NCCoE). He is a fellow at the Center for Advanced Defense Studies and chair of the INSA Cyber Committee.