Overview
All indications show that software supply chain attacks continue to rise.
We invite the community to join us for the 2023 Software Supply Chain Community Day where industry, government, and academia can network and discuss challenges, practical solutions, and the latest software supply chain security research.
Date: Tuesday, November 14
Time: 10:00 AM - 3:00 PM
Place:
North Carolina State University
Engineering Building 2, Room 3211
890 Oval Drive, Raleigh, NC 27695
RSVP by Tuesday, November 7. Space is limited, so please RSVP as soon as possible.
Agenda
| Time | Session |
| --- | --- |
| 10:00 | Welcome |
| 10:10 | SBOM and VEX - Lisa Bradley, Dell |
| 10:40 | Reproducible Builds - Brett Smith, SAS Security Swarm Lead |
| 11:10 | Break |
| 11:30 | NCSU student PechaKucha presentations |
| 11:30 | About the presentations |
| 11:35 | Elizabeth Lin: Exploiting Weaknesses in VS Code Extensions |
| 11:42 | Imranur Rahman: To Update or Not To Update: An Exploration of Update Metrics in OSS Packages |
| 11:49 | Mahzabin Tamanna: Unraveling SLSA-related Challenges and Suggestions from GitHub |
| 11:56 | Greg Tystahl: ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions |
| 12:03 | Courtney Miller: “We Feel Like We’re Winging It”: A Study on Navigating Open-Source Dependency Abandonment |
| 12:09 | Sarah Elder: Aggregating Security Risk Assessments from the Dependency Tree |
| 12:16 | Networking lunch (provided) and research poster session |
| 1:30 | How are we doing with adopting talks to reduce software supply chain security risk? - Laurie Williams, NCSU |
| 2:00 | Using the VIPERR Framework to Secure Your Software Supply Chain - Brian Thomason, Anchore |
| 2:30 | Break |
| 2:50 | Industry Panel: Software Supply Chain Security Challenges - Drew Masters (SecMation), Chuck Kesler (Pendo), Sheila Hensley (SAS), Christopher Yates (Red Hat), Stephen Magill (Sonatype) |
| 3:45 | Continued networking and adjourn |