Recently, NIST released their Secure Software Development Framework (SSDF): Recommendations for Mitigating the Risk of Software Vulnerabilities, a framework that is supposed to provide guidance on how to address software security and secure development practices.
In reviewing the recommendations, a key question that immediately stands out is whether they go far enough in considering the full spectrum of software supply chain operations, including humans who end up using software?
While it’s critically important to establish hygiene for the upstream portion of the digital value stream, it’s equally important to have a holistic view and take steps to foster hygiene for the downstream portion of the value stream. Why? Because there are usually more mistakes made in the implementation of software than in the creation of it.
Join Matt Howard, EVP at Sonatype, and industry experts Steve Springett, Chair, Cyclone DX, and Mike Wilkes, CISO, SecurityScorecard as they discuss:
Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102
Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia
London Office -168 Shoreditch High Street, E1 6HU London
Subscribe for all the latest software security news and events
Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.
Terms of Service Privacy Policy Modern Slavery Statement Event Terms and Conditions Do Not Sell My Personal Information