Zero Trust (ZT) potentially transforms DoD Cybersecurity. ZT is a cybersecurity strategy wherein security policy is applied based on context established through least-privileged access controls and strict user authentication—not assumed trust.
Open source software (OSS) enables faster speed to market. Despite its benefits, it can threaten software integrity. To combat software insecurities, beginning with an accurate application inventory and a software bill of materials requirement is critical to ZT success. In addition, secure software development is needed to address weaknesses tied to a particular OSS component, which violate the system's ZT assumptions and design. Examples of common OSS components, their weaknesses, and how it affects Zero Trust pillars and capabilities will be discussed.
Come join Mr. Ron Lewis and Dr. Kristin Kelly to learn how to gauge the risk associated with each OSS component and the impact on the overall system security posture.