Fireside Chat: Incorporating supply chain security into your CI/CD pipeline for cloud-native applications

Most products today have a combination of infrastructure and application security controls. An important security control that has gained significance recently due to security attacks such as Solarwinds and log4j is the need for software supply chain security controls. Cyber-Secutity directives from Governments and regulators now require us to ensure that technology vendors don’t bring in malware or provide backdoors in their products.
As developers build applications, DevOps/SREs deploy run these applications, and security teams manage the security profile of their applications, it is important to learn about the following:

  1. What is supply chain security?
  2. How do you develop and build software bill of materials?
  3. How do you secure your CI/CD pipeline by incorporating supply chain controls?
  4. Impact of supply chain security on open source software security in CI/CD pipeline

Come and get a quick primer on these concepts and find out how companies are driving addressing this key area in their security program


About the speaker

Saikat Maiti Sr. Director, Information Security, Salesforce

Saikat Maiti is the Sr Director for Information Security at Salesforce focusing on ensuring secure Salesforce deployments at its top 50 customers . Saikat has been a CISO at many new age cloud native companies. He was Head of Infosec and IT at Upstart Network and has also setup security for Personal Capital, and Varian Medical Systems He has also been a consulting Practice Director at PricewaterhouseCoopers (PwC). He has built a variety of new age Artificial Intelligence and Machine learning models to enhance security and is known for deploying low cost, cloud provider leveraged security capabilities to better secure cloud infrastructure.