(CS)²AI Symposium: Securing Software Supply Chains: Forging an Unbreakable Chain


Details
Please note that Meetup does not integrate your RSVPs with GoToWebinar. Register now at this link: https://attendee.gotowebinar.com/register/7240818852726022157?source=03302022meetupevent
We have a GREAT lineup of speakers for this HUGE event, worth up to 5 CEUs/PDUs. If you or your organization care anything at all about the security of your software supply chain, don't miss this!
Description:
After a year of high-profile cyber incidents against Operational Technology (OT) systems, followed by a frenzy of regulatory initiatives from governments around the world, executives in critical infrastructure are accelerating their efforts to secure their operations. The software supply chain has been a particularly attractive target for attackers. SecurityWeek reported that software supply chain attacks tripled in 2021, and that’s following a 430% surge in 2020. It has not gone unnoticed.
This symposium will explore the risks posed by a lack of visibility into the OT software supply chain. It will describe the important regulatory requirements initiated by the US federal government and explore the impact of these regulations, both in the US and internationally. We’ll do a deep dive into the federal requirement for Software Bill of Materials (SBOMs), the critical role they play in risk reduction, and the future direction of supply chain transparency.
We’ll discuss some of the challenges of creating and using SBOMs in OT/ICS environments. OT technology has a long service life and there is often legacy software where the source code is no longer available. We’ll also cover how OT vendors can use VEX (Vulnerability Exploitability eXchange) documents to help prioritize vulnerabilities exposed by SBOMs.
Finally, we’ll wrap up with a real-world example detailing the experiences of a major OEM vendor that determined the risk posed by the vulnerabilities in the Apache Foundation’s Log4j module, identified products where it was exploitable, and efficiently communicated with their customers using VEX.
The need for a secure supply chain is the new business imperative for operators of critical infrastructure and those who supply them with software and firmware. Don’t miss this chance to hear from the experts on how to forge an unbreakable chain in critical infrastructure operations.
------------------------------------------------------------------------------------------------
## Come for the education and participate in the fun - submit Quality Questions for our speaker to get your name on our Prize Wheel!
## Certificates for Professional Development/Continuing Education Units (PDUs/CEUs) are available for all registered individuals who attend at least one hour of the event.
## All past seminars and symposiums are available to paid CS2AI.ORG members. Check out the Resources area of our website in the Members Portal: https://www.cs2ai.org/
## If you're interested in speaking at a future (CS)2AI event, having your organization become a Strategic Alliance Partner, or engaging in any of the other ways available, please contact us at https://www.cs2ai.org/get-involved
## Please note that (CS)2AI ONLINE events are provided free of charge as educational career development content through the support of our paid members and the generous contributions of our corporate Strategic Alliance Partners. Contact information used in registering for our directly supported seminars may be shared with sponsors funding those specific events. Unless noted on the GoToWebinar registration page, all events are open for direct funding support.
