Increasing Confidence in Your Software Supply Chain

Join this 58-minute vBrownBag talk featuring Mike Fiedler, PyPI Safety and Security Engineer for the Python Software Foundation, as he discusses the critical risks of software supply chain insecurity and provides actionable strategies for both software consumers and producers. Learn about recent supply chain compromises, prevention methods for open source software, and specific recommended practices to enhance security. The presentation covers essential topics including what constitutes software supply chain security, real-world examples of compromises, the roles of different stakeholders in the supply chain, and detailed recommendations for both consumers and producers of software. The talk concludes with resources for further learning and a Q&A session addressing audience questions about improving software supply chain confidence.

Syllabus

02:12 Introducing Mike
07:20 What is software supply chain security?
08:45 Recent examples of software supply chain compromises
12:15 How do we prevent compromises in open source software?
18:57 Software consumers & software producers in the software supply chain
21:32 Recommended practices for software consumers
42:40 Recommended practices for software producers
50:15 Where to find Mike, and audience questions