Federal agencies rely heavily on open-source software to build and operate modern digital systems. Yet recent high-profile incidents have revealed how fragile today’s software supply chains can be.
In response, the federal government has introduced new requirements through Executive Order 14028, NIST’s Secure Software Development Framework (SSDF), and OMB guidance on SBOMs and software attestations. But for many agencies, these policies have also exposed a difficult reality: security teams are overwhelmed by vulnerability backlogs, complex dependency chains, and the operational burden of managing thousands of CVEs.
This session explores what has changed in the software supply chain over the past five years and why traditional approaches to open-source security are no longer enough. Attendees will learn practical strategies to reduce risk at the source using minimal container images, secure build pipelines, and faster release cadences. We will also discuss how emerging approaches such as AI-assisted analysis and retrieval-augmented security tools can help teams identify risks earlier in the software lifecycle.

Blake Hearn
Solution Engineer, Federal
Chainguard

James McKenna
Vice President, Moderator
Leadership Connect