2025-10-09 – Belvedere I / Security, Compliance & the Law
OSSL Conference Pre-approved Topic alignment: Who Knows What Goes Into Products? Supply Chain Security Challenges
Abstract:
Many cyberattacks have exploited vulnerabilities and weaknesses in software and within software supply chains, an issue that spans both proprietary and open-source software and impacts both private-sector and government enterprises.
This session will cover the Software Acquisition Guide, which provides a prescriptive method to assess hidden security challenges and poor practices in the supply chain ecosystem.
Customers and mission owners, as often represented by their acquisition and procurement organizations, may use the guidance in the Software Acquisition Guide as a basis to describe, assess, and measure suppliers' cybersecurity practices relative to the software life cycle and Secure by Design principles, without requiring acquisition/procurement staff to become cybersecurity experts. The Guide covers the software development practices, supply chain, deployment, and vulnerability management phases of software ownership.
Sridhar is currently Principal Security Architect in the Product Security Group at NetApp. With over 25 years in the software industry, Sridhar is inventor or co-inventor of 16 US patents and has published 11 conference papers to date.
Sridhar's areas of expertise include Storage and Information Security, Security Assurance, Cryptography, Secure Software Development Lifecycle, Secure Protocols, and Storage Management. Sridhar holds Master's degrees in Physics and Electrical Engineering.