Presentation
Beyond Dependencies: The Real Picture of Software Supply Chain Security
Anant Shrivastava | Founder, Cyfinoid Research
Date: Thursday, August 7 | 10:50am-11:30am (Business Hall Theater C)
Format: 40-Minute Summit Session
Track: Supply Chain Micro Summit
Software Supply Chain Security has been a buzzword for the past few years, but as the initial hype settles, it’s time to ask: what’s actually working—and what’s being overlooked?
In response to rising threats, many organizations have rushed to implement SCA tools or generate SBOMs and called it a day. But security is rarely that simple. Is generating a BOM of your code dependencies truly enough? What about the unsigned binaries your devs download during prototyping, the Docker images pulled from random GitHub issues, or the low-friction APIs that newer technologies—like AI platforms—introduce into trusted environments?
This talk takes a 360-degree view of supply chain security—beyond just dependencies—to highlight the broader risks involved in how modern software is developed, integrated, deployed, and consumed. We’ll explore:
- The lay of the land: current initiatives from open source foundations, government bodies, and industry players, and how individuals and organizations can contribute or align with them.
- A clear definition of supply chain security—what it is and isn’t—so we stop chasing shadows and start solving real risks.
- Why SBOMs are a valuable tool, but not a silver bullet. We’ll discuss where they shine, where they struggle, and what remains unaccounted for even with perfect SBOMs.
- Case studies and real-world incidents illustrating how rapid tech adoption often outpaces secure design, leaving behind misconfigurations and attack surfaces across the software lifecycle.
Whether you’re building software or just using it, this session will challenge assumptions, offer practical mental models, and leave you with a grounded understanding of where your supply chain security posture actually stands—and where the gaps may lie.