
Modern Software Delivery: Supply Chain Security Critical

Hosted by MMan888 (aka Michael Man)

Details

### Agenda ###

1800: Doors Open + Food/Drinks
1830: Talk given by Chris Wysopal (@WeldPond)
1930: Social - consume more food/drink
2100: The End

======================
Software is no longer delivered on a CD-ROM with occasional updates. Software delivery has become a continuous process for SaaS, mobile and desktop apps with technology suppliers woven in. Open source, service provider APIs, and of course cloud are all woven in and changing continuously. What value is a point-in-time assessment to understand the risk accepted by the enterprise or software users? Software assessments must become continuous and process-based. There is also a need to balance the transparency desired by software users with the needs of vendors to be effective in software delivery and maintenance. We need continuous assessment with the right level of transparency to keep up with our rapidly changing and deeply nested software supply chains.

Chris Wysopal Bio:

Chris Wysopal is Co-Founder and Chief Technology Officer at Veracode, which he co-founded in 2006. He oversees security research and technology strategy. Prior to Veracode, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software. Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.

DevSecOps - London Gathering
36 Queen St Pl
36 Queen Street Place · London