Enabling Enterprise Resilience and Cybersecurity Assurance
As the cyber threat landscape evolves and software dependencies grow more complex, understanding and managing risk in the software supply chain is more critical than ever. The Internet of Things (IoT) will inevitably bring a massive proliferation of software-reliant, connected devices of many types, deployed across multiple environments. Because IoT increasingly depends on software of unknown provenance and pedigree, composition analysis and signoff are needed to determine "fitness for use" and trustworthiness in terms of quality, security, safety, and licensing.
This paper addresses the risk management and security-enhanced practices necessary in software development and acquisition, the various types of testing needed to provide sufficient coverage, and the standards-based security automation required to enable scalable action. It then offers Software Composition Analysis and Software Signoff as means of securing applications and better enabling IoT supply chain risk management in support of enterprise resilience.