For years, experts have been telling the government to take stock of the software supply chain by generating software bills of materials and defining standards and policies for use. But it took a few big “oh !@#$%” moments like the SolarWinds and Colonial Pipeline breaches to get the wheels of government really turning around improving software supply chain security.
In response to these issues, the U.S. government issued a White House executive order on cybersecurity to use its purchasing power to create positive changes to the way cybersecurity is addressed around the world. We talked about the impact of this executive order in this Tidelift advisory.
On December 14 at 3 p.m. ET, Tracy Bannon from MITRE will join us for an Upstream webinar to discuss why action from the government took so long, what is happening now that will help organizations positively impact their own security preparedness, and how we can bring forward good ideas and warnings in the future.
She’ll discuss how to talk about risk profile and ways organizations can force-rank priorities. She’ll also discuss why it’s important to reduce cognitive load on the development teams and why it’s important to offload some tasks onto trusted vendors.
Tidelift CEO and co-founder Donald Fischer will join the discussion and explain how all this applies to open source software specifically. It should be a fascinating discussion. You can register below: