Zero Trust Transforming Cybersecurity Understanding the Zero Trust Capability of Software Risk Management-20230720_180203-Meeting Recording
From Christi Babington
Come join Mr. Thomas Hurt to better understand the issues for software risk management and the development of this Zero Trust capability in implementation plans. Discover how understanding software risk management is critical to the execution of your ZT capabilities and activities. This will assist DoD and DIB contractor efforts in managing software risk as part of your ZT implementation.
Software risk management runs throughout the DoD's ZT capabilities and activities, especially ZT Capability 3.3, "Software Risk Management." This ZT capability requires DoD organizations to "establish software/application risk management program." It includes foundational controls risk management. "Foundational controls include Bill of Materials risk management, Supplier Risk Management, approved repositories and update channels, and vulnerability management program. Additional controls include Continual validation within the CI/CD pipelines and vulnerability maturation with external sources." Mr. Hurt will discuss insights on this ZT capability and its activities to effectively manage software risk.