<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1919858758278392&amp;ev=PageView&amp;noscript=1">

Steve Springett

Steve Springett


Session Name: WTF is in your software?

As we increase our usage of 3rd party components, managing software supply chain risks is increasingly important. But how do you realistically achieve this at the speed of DevOps? This session will cover: (1) standard practices for managing risk from 3rd party components, (2) open source build tools to catalogue your 3rd party components, (3) open source tooling available to manage your software component inventory, and (4) automated approaches for identifying, responding too, and managing risks from 3rd party components at scale. 



Speaker Bio: 

Steve educates teams on the strategy and specifics of developing secure software. He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques. Steve's passionate about helping organizations identify and reduce risk from the use of third-party and open source components. He is an open source advocate and leads the OWASP Dependency-Track project, OWASP Software Component Verification Standard (SCVS) project, CycloneDX software bill-of-material specification, and participates in several related projects and working groups.