Supply chain attacks, product security, Devsecops : the challenges of secured software development

December, 8th 2021. Jonathan Brossard, Moabi CTO, was invited by the CESIN (the french club of cybersecurity experts) to give the closing keynote of their annual congress in Reims, France. Jonathan presented his diagnostic and the challenges that the industry has been facing to secure the software supply chain:

• Software secured development is a cycle process, aka the SSDLC (Secure Software Development Life Cycle) for continuous security improvement,
• Product security and implementation of cybersecurity best practices should be verified. Open source and software releases from any suppliers should be audited.
• These audits should be performed without source code, and should give clear indicators about cybersecurity. All components should be identified and cybersecurity feedbacks should be considered thoroughly and continuously by vendors and suppliers.

With 7 cybersecurity metrics and remediation reports, Moabi platform to automate security audits at scale without source code is a key solution to help security experts overwhelmed by the number of software and variety of architecture, technology and environment.

Since December 8th, the Log4j storm has illustrated the need to identify every software components, and the importance to systematically audit their cybersecurity level.