Overview

All indications show that software supply chain attacks continue to rise.

We invite the community to join us for the 2023 Software Supply Chain Community Day where industry, government, and academia can network and discuss challenges, practical solutions, and the latest software supply chain security research.

Date: Tuesday, November 14
Time: 10:00 AM - 3:00 PM
Place:
North Carolina State University
Engineering Building 2, Room 3211
890 Oval Drive, Raleigh, NC 27695

RSVP by Tuesday, November 7. Space is limited, so please RSVP as soon as possible.

Agenda

10:00 Welcome
10:10 SBOM and VEX - Lisa Bradley, Dell
10:40 Reproducible Builds - Brett Smith, SAS Security Swarm Lead
11:10 Break
11:30 NCSU Student PechaKucha presentations
11:30 About the presentations
11:35 Elizabeth Lin: Exploiting Weaknesses in VS Code Extensions
11:42 Imranur Rahman: To Update or Not To Update: An Exploration of Update Metrics in OSS Packages
11:49 Mahzabin Tamanna: Unraveling SLSA-related Challenges and Suggestions from GitHub
11:56 Greg Tystahl: ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions
12:03 Courtney Miller: “We Feel Like We’re Winging It”: A Study on Navigating Open-Source Dependency Abandonment
12:09 Sarah Elder: Aggregating Security Risk Assessments from the Dependency Tree
12:16 Networking lunch (provided) and research poster session
1:30 How are we doing with adopting talks to reduce software supply chain security risk? - Laurie Williams, NCSU
2:00 Using the VIPERR Framework to Secure Your Software Supply Chain - Brian Thomason, Anchore
2:30 Break
2:50 Industry Panel: Software Supply Chain Security Challenges
Panelists:
Drew Masters, SecMation
Chuck Kesler, Pendo
Sheila Hensley, SAS
Christopher Yates, Red Hat
Stephen Magill, Sonatype
3:45 Continued networking and adjourn