
A Roadmap for Your OSS Security Lifecycle Journey to Protect Customers

FIRST

Lisa Bradley (Dell, US), Sarah Evans (Dell, US)
Dr. Lisa Bradley is a distinguished cybersecurity expert and visionary leader, currently serving as the Senior Director of Product & Application Security at Dell Technologies. With a track record spanning more than two decades in enterprise-class engineering and leadership, and as a major contributor to the FIRST PSIRT Services Framework, she has earned her reputation as a trailblazer in security and vulnerability management. In her current role, she oversees Dell's Product Security Incident Response Team (PSIRT), Bug Bounty Program, SBOM initiative, Dependency Management, and Security Champion and Training Programs. With more than a decade of PSIRT leadership, including running programs at NVIDIA and IBM, she is a sought-after speaker at events such as FIRST, BSides, BSIMM, DerbyCon, DEF CON, and ISACA.
Outside of her professional life, Lisa enjoys quality time with her three children and participates in cybersecurity podcasts like the Security Unhappy Hour. Dr. Lisa Bradley's unwavering dedication to cybersecurity and her extensive industry experience make her a leading figure in the ever-evolving landscape of technology and cyber defense, fostering trust and innovation.
Sarah Evans is a security innovation researcher at Dell Technologies, on the Product and Operations Global CTO Research & Development team. She draws on diverse experience in cybersecurity, IT, defense, business, education and fine arts to research innovations that improve security by design in emerging technologies. A primary research effort at Dell has been Zero Trust security, and how and where innovation is needed to accelerate organizations' adoption of Zero Trust tenets. Improving the secure use of open source software in software supply chains is an important component of Zero Trust security. Before Dell, Sarah held roles at Wells Fargo, the US Air Force, a regional Midwest construction company, and as computer information systems faculty at Missouri State University. Sarah also contributes to OpenSSF to help secure the open source software supply chain as a Governing Board observer, Governance Committee member, Technical Advisory Council (TAC) member, Security Tooling SIG co-chair and Metrics API co-chair. Sarah is based in Denver, Colorado.
---
As businesses increasingly rely on open source software (OSS) to drive innovation and efficiency, robust security practices at the companies that build software, and products containing software, become paramount to safeguarding customers. This talk examines the essential components of a mature OSS security practice and provides a comprehensive guide to how businesses can improve customer protection through effective OSS management. The journey begins with understanding why a mature OSS security practice matters, followed by a detailed examination of the steps needed to strengthen customer protection. Starting that journey requires executive support, and we will outline the strategies we used at Dell to obtain it. We discuss the role of the Software Bill of Materials (SBOM) throughout the OSS lifecycle: building security inventories, tracking dependencies, speeding incident response, and managing end of life. A focal point of the discussion is the Open Source Security Foundation (OpenSSF) and what it offers to improve security practices across the OSS supply chain; companies of all sizes can benefit from OpenSSF, and we give examples of its varied applications. For those already immersed in the complexities of OSS consumption, we offer guidance on course correction, including how to remedy bad practices. In short, the talk is a roadmap for businesses navigating their OSS security journey: sourcing the right OSS, staying vigilant about security concerns, and keeping up to date with the latest secure versions, all in the interest of best protecting their customers.
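The abstract lists four jobs an SBOM does across the OSS lifecycle: inventory, dependency tracking, incident response and end-of-life management. The following added example is not the speakers' or Dell's code and is not an OpenSSF tool; it shows those four lookups over a constructed CycloneDX-style SBOM. The component names, purls, advisory identifiers, version ranges and end-of-life dates are all invented for illustration, and the advisory format borrows OSV's introduced/fixed range convention as a simplifying assumption.

```python
import json
from datetime import date

# Constructed CycloneDX-style SBOM for illustration only; the component names,
# versions and purls are invented and do not describe any real product.
SBOM_JSON = r'''{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "examplelib", "version": "1.4.2",
     "purl": "pkg:generic/examplelib@1.4.2"},
    {"type": "library", "name": "sample-http", "version": "3.1.0",
     "purl": "pkg:generic/sample-http@3.1.0"},
    {"type": "library", "name": "legacy-parser", "version": "0.9.1",
     "purl": "pkg:generic/legacy-parser@0.9.1"}
  ]
}'''

# Constructed advisories in OSV-like range form: a version is affected when
# introduced <= version < fixed. The identifiers are placeholders, not real CVEs.
ADVISORIES = [
    {"id": "SAMPLE-ADV-0001", "package": "examplelib", "introduced": "1.0.0", "fixed": "1.5.0"},
    {"id": "SAMPLE-ADV-0002", "package": "sample-http", "introduced": "2.0.0", "fixed": "3.0.0"},
]

# Constructed end-of-life table: name -> last date the upstream project ships fixes.
EOL_TABLE = {"legacy-parser": date(2023, 12, 31), "sample-http": date(2026, 6, 30)}


def parse_version(text):
    """Turn a dotted version such as '1.4.2' into a comparable 3-tuple of ints.

    Good enough for the constructed data here; real SBOMs mix semver, PEP 440
    and distro versioning and need an ecosystem-aware comparator.
    """
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def load_components(sbom_json):
    """Extract the inventory (name, version, purl) from a CycloneDX JSON document."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    return [
        {"name": c["name"], "version": c["version"], "purl": c.get("purl", "")}
        for c in bom.get("components", [])
    ]


def inventory_index(components):
    """Inventory view: 'where do we use X?' lookups keyed by component name."""
    index = {}
    for c in components:
        index.setdefault(c["name"], []).append(c["version"])
    return index


def is_affected(version, advisory):
    """True when version lies in the advisory's [introduced, fixed) range."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def find_affected(components, advisories):
    """Incident-response view: which shipped components fall inside an advisory range."""
    hits = []
    for c in components:
        for adv in advisories:
            if adv["package"] == c["name"] and is_affected(c["version"], adv):
                hits.append((c["name"], c["version"], adv["id"], adv["fixed"]))
    return hits


def find_eol(components, eol_table, today):
    """End-of-life view: components whose upstream stopped shipping fixes before today.

    `today` may be a date or an ISO string ('2024-10-05').
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    return [
        (c["name"], c["version"], eol_table[c["name"]].isoformat())
        for c in components
        if c["name"] in eol_table and eol_table[c["name"]] < today
    ]


if __name__ == "__main__":
    comps = load_components(SBOM_JSON)
    print("inventory:", inventory_index(comps))
    for name, ver, adv_id, fixed in find_affected(comps, ADVISORIES):
        print(f"UPDATE  {name} {ver}: {adv_id}, fixed in {fixed}")
    for name, ver, eol in find_eol(comps, EOL_TABLE, date.today()):
        print(f"REPLACE {name} {ver}: upstream end of life {eol}")
```

The version comparator is deliberately naive and the advisory list is a literal; a real pipeline would use an ecosystem-aware comparator and pull advisories from a feed, but the shape of the questions an SBOM answers (what do we ship, which of it is affected, what is no longer maintained) is the same.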

Published: 5 Oct 2024
