Beyond Minimum Standards


ABSTRACT

The recent Cybersecurity Executive Order asked agencies to define minimum standards for supply chain governance and software testing that could be required of all vendors selling software to the Federal Government. In this talk, I ask the question: what could minimal standards look like 10 years from now? I will describe recent research on software and supply chain security, focusing on emerging threats and promising approaches to mitigation.    

BIO

Dr. Stephen Magill was the CEO and co-founder of MuseDev, and is now VP of Product Innovation at Sonatype. He has spent his career developing tools to help developers identify errors, gauge code quality, and detect security issues. Stephen has led multiple large-scale research initiatives including DARPA projects on privacy, security, and code quality. He also served as research lead for the 2020 and 2021 State of the Software Supply Chain reports. Dr. Magill earned his Ph.D. in CS from Carnegie Mellon University, and his BS from the University of Tulsa. He is a member of the University of Tulsa Industry Advisory Board and has served on numerous program committees and funding panels.    

 

License: CC-2.5