=Paper= {{Paper |id=Vol-2739/abstract_1 |storemode=property |title=Cobbles and Potholes – On the Bumpy Road to Secure Software Supply Chains - Abstract |pdfUrl=https://ceur-ws.org/Vol-2739/abstract_1.pdf |volume=Vol-2739 |authors=Henrik Plate |dblpUrl=https://dblp.org/rec/conf/sam-iot/Plate20 }} ==Cobbles and Potholes – On the Bumpy Road to Secure Software Supply Chains - Abstract== https://ceur-ws.org/Vol-2739/abstract_1.pdf
          Cobbles and Potholes – On the Bumpy Road to
                 Secure Software Supply Chains
                                                                   Henrik Plate
                                                          SAP Security Research, Germany




   Abstract — Open source software is ubiquitous – all across the stack, in the cloud and on-premise, on all devices, in commercial
and non-commercial offerings. This success, the dependency of the software industry on open source, combined with recent data
breaches and attacks, puts security into the spotlight. This talk will provide an overview – for sure opinionated, hopefully
controversial – of the state of affairs and current trends regarding the security of software supply chains, from both the consumer
and the producer perspective.



   Brief Biography — Henrik Plate is a senior researcher at SAP Security Research. He received his MSc in Computer Science and
Business Administration in 1999 from the University of Mannheim. His current research focusses on the security of software supply
chains, esp. the use of open source components with known vulnerabilities and supply chain attacks. He is a co-author of Eclipse
Steady [5], which supports the detection, assessment, and mitigation of vulnerable open source dependencies in Java and Python
applications.




Copyright © 2020 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
