Presentation to highlight Boeing’s program for assessing the security of its software supply chain
BURLINGTON, Mass. - June 17, 2014 – CA Veracode, the application security company, today announced that John Martin of The Boeing Company, will present “The Boeing Case Study: How to Secure the Software Supply Chain” on Tuesday, June 24th at 2:45pm at the Gartner Security and Risk Management Summit. During this presentation, Martin will outline the steps Boeing took to implement a governance program for assessing the security of its third-party applications.
The security of third-party and open source software is an important issue facing enterprises in all industries. FS-ISAC recently published the “Appropriate Software Security Control Types for Third-Party Service and Product Providers” whitepaper. The FS-ISAC whitepaper states that as enterprises are getting better at defending traditional network perimeters, attackers are now targeting the software supply chain.
John Martin will describe how Boeing’s structured approach holds vendor-supplied software to the same security standards for minimal acceptable risk as internally developed applications. He will also discuss how the global manufacturer worked with CA Veracode to create a successful vendor application security testing program and how the program continues to evolve.
The CA Veracode Vendor Application Security Testing (VAST) program enables enterprises to reduce the risks associated with the use of third-party software -- whether it is open source, outsourced, SaaS or commercial off-the-shelf -- by attesting to the security of this externally developed software. As part of the VAST program, CA Veracode manages the vendor assessment process, works with vendors to identify and mitigate application threats using its cloud-based platform, and enables vendors to comply with their customers’ corporate security policies. With CA Veracode addressing software supply chain security, enterprises can safely leverage third-party software to enable innovation and gain faster time to market.
For more information about CA Veracode, Gartner Summit attendees can visit booth number 209 at the conference, or visit: https://www.veracode.com/gartner-security-risk-summit-2014.