Strengthening the Chain
Overview
While the number and variety of software supply chain attacks continue to increase, the community is beginning to develop detection, mitigation, and prevention tactics that can be incorporated into software development pipelines now.
We invite the community to join us for the 2025 Software Supply Chain Community Day where industry, government, and academia can network and discuss challenges, practical solutions, and the latest software supply chain security research.
Our theme this year is ‘Strengthening the Chain’, with a focus on what we are learning about how to reduce the number of successful attacks and mitigate the severity of the attacks that occur.
Date: Friday, November 20
Time: 10 AM - 4:30 PM
Place:
SAS Institute
100 SAS Campus Dr, Cary, NC 27513
RSVP by Thursday, November 12th. Space is limited, so please RSVP as soon as possible.
Agenda Items (schedule and speakers will be published in mid-October)
Agenda
10:00 | Welcome |
10:10 | Buying Security: Open Source Funding and Security Posture - Stewart Scott, Atlantic Council |
10:40 | Investigating the Availability of Public Vulnerability Information to Support Patching Decisions - Dan Votipka … Dr. Votipka is an assistant professor in the Computer Science Department at Tufts University. His research focuses on computer security, with an emphasis on the human factors affecting security professionals. |
11:10 | Break |
11:30 | Student Ignite presentations |
12:30 | Networking lunch (provided) and research poster session |
1:30 | Agentic AI Security: MCP and other opportunities - Brett Smith, SAS Institute |
1:30 | Bob Callaway, Google Open Source Security |
2:30 | Break |
2:50 | Industry Panel: Software Supply Chain Security Solution - Andrew McNamara, Red Hat; Brett Smith, SAS; Larry Maccherone, Transformation.dev |
4:30 | Continued networking and adjourn |
Research Opportunities
The S3C2 team is seeking participants for several lines of research. Read on and consider participating.
Trust in the Software Supply Chain
Is supply chain security getting worse or getting better? We want to understand how trust has changed. We would love to interview you about your experiences and practices and how they have shifted in recent years. Use this link or scan this QR code to learn more!
LLMs in software development
Are you cautious, optimistic, or both about how LLM use affects your software development? Can we interview you about your perspective and your practices around the selection and integration of LLMs? Use this link or scan this QR code to learn more!