TEQnation 2024: Best Practices and Regulatory Insights - Soroosh Khodami & Ali Yazdani

Secure Software Ecosystems: Best Practices and Regulatory Insights - Soroosh Khodami & Ali Yazdani

Every day, we encounter another critical vulnerability such as Log4J, Spring4Shell, or the XZ Backdoor, prompting us to wonder if we could be the next target. During this session, we will explore the process of establishing a secure software development ecosystem to mitigate these security risks. Ali, leveraging years of experience as a Security Engineer, and Soroosh, offering his expertise in software development, will discuss strategies for attaining this objective. Key takeaways from this session include:

Understanding DevSecOps and its role in securing our applications.
Best practices for building a secure software ecosystem.
A brief overview of Supply Chain Attacks and their significance.
The importance of the Software Bill of Materials and the best available solutions in the market.
Principles and techniques for securing cloud-native applications from development to deployment.
Exploring EU regulations regarding supply chain attacks and their impact on software security practices.