How to Assess Your Software Vendors' Cybersecurity

High-profile software supply chain attacks and vulnerabilities – like SolarWinds and Log4j – represent the tip of the iceberg. Organizations can create additional transparency into the software supply chain by requiring a Software Bill of Materials (or SBoM), an inventory of all the constituent components and dependencies in developing and delivering an application. However, the concept of software supply chain security is much greater than an SBoM.

In this webinar, Dave Shackleford, principal at Voodoo Security and SANS instructor, explores the top tips for strengthening software supply chain security, including:

• How to assess and record what should constitute your software supply chain and what's most critical
• How the software supply chain (and SBoMs) fit into third-party risk management programs
• How to get started with software supply chain reviews and overall risk management
• How to determine if the risk of using a software development partner/ implementer/ VAR is worth the benefit
• What to require of partners so that, should they be breached, you know your data is safe

This webinar delivers best practice guidance on augmenting your third-party risk management program with a solid assessment strategy for your software vendors.