February 1-2, 2023 | Seattle, WA

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

The schedule is subject to change.
Wednesday, February 1 • 4:40pm - 5:15pm
Securing Diverse Supply Chains Across Interconnected Systems - Wayne Starr, Defense Unicorns & Aaron Creel, SpaceX

Working within large software systems can make it difficult to determine the full scope of software, libraries and tooling contained within a diverse set of components, often maintained across separate teams and departments. Security teams must become familiar with a wide range of packaging technologies and practices, and often manually aggregate information to make determinations on where vulnerabilities may be present and how to mitigate them. In this talk, we will share how SpaceX is solving this through a layered application of Syft, Grype, and OWASP Dependency Check as Software Bill of Materials (SBOM) and vulnerability discovery tools integrated into their software development process and continuous integration pipelines. This integration has allowed them to reduce the cycle time for developers to respond to potential vulnerabilities, and allowed them to more efficiently prioritize how developers work across projects.

Speakers
Wayne Starr

DevOps Engineer, Defense Unicorns
Wayne graduated from Rochester Institute of Technology in 2016 and commissioned into the United States Air Force, joining the Defense Innovation Unit. There, he worked as a security engineer for the first Air Force Software Factory (Kessel Run), helping reduce cycle time for delivery...

Aaron Creel

Security Executive & Advisor, SpaceX
Aaron is a security executive with more than 20 years' experience in compliance and security policy across both government and commercial sectors. He began his career in the US Coast Guard and has worked in a wide range of roles throughout the security domain, being selected as a Class...
Wednesday February 1, 2023 4:40pm - 5:15pm PST
Room 606/607
  Supply Chains