BETHESDA, Md.--(BUSINESS WIRE)--GrammaTech, a leading provider of application security testing products and software research services, announced today that embedded and enterprise software security expert Walter Capitani has been invited to present in two sessions on software supply chain security at the Automotive Cybersecurity Silicon Valley 2022 Conference.
Many software components used in automobiles are not developed directly by car manufacturers themselves or even their tier-one suppliers, and a large portion of them contain open-source code. However, security and quality can vary depending on the source of the software and methods to test the code. Because of how this code is delivered, manufacturers can’t be certain if reused components are secure and high quality. Walter will discuss steps that must be taken to alleviate this risk.
WHO: Walter Capitani, Director, Technical Product Management for GrammaTech is a recognized expert in embedded and enterprise software security. Walter has led product teams delivering solutions to worldwide markets for safety-critical and secure software development and SaaS application performance. Walter holds a degree in Electrical Engineering from the University of Waterloo and is an MBA graduate of the Telfer School of Management.
WHAT: Walter will present in the following sessions:
Supply Chain Key Management: Panel Discussion Re-aligning Keys and Re-establishing the Trust Relationship
At the end of the day, it all comes down to the secret keys that are being loaded onto the modules. A lot of it is reliant on the trust relationship between a Tier-2 supplier who manufactures a component, gets it to the Tier-1 suppliers, and then finally to the vehicle manufacturer. How this relationship or key management is handled throughout the vehicle’s lifecycle for 10-15 years is a major challenge. In this multi-stakeholder panel discussion Walter will join representatives from General Motors, Rivian and Polaris to brainstorm and share best practices on effective key management.
Software Bill of Materials and Securing the Automotive Digital Supply Chain
From nuts and bolts to bits and bytes, the automotive supply chain is evolving as vehicles are becoming more software driven and Internet connected. Managing software risk and eliminating vulnerabilities is now just as important as identifying a defective part. Starting with a Software Bill of Materials (SBOM), suppliers and manufacturers can provide visibility into the software component makeup of the devices that power many of the critical functions of a vehicle.
In this session, attendees will learn:
- Why SBOMs should be required to improve software supply chain security from suppliers to manufacturers
- What to look for in a SBOM and how to evaluate open source and third-party components
- How to use a SBOM to identify software risk and eliminate vulnerabilities throughout the software supply chain
WHEN: Wed, Oct 26 @ 4:25pm:
Supply Chain Key Management: Panel Discussion Re-aligning Keys and Re-establishing the Trust Relationship
Thu, Oct 27 @ 9:20am:
Software Bill of Materials and Securing the Automotive Digital Supply Chain
WHERE: Santa Clara Marriott Hotel, 2700 Mission College Blvd, Santa Clara, CA
HOW: To register, visit https://www.automotive-iq.com/events-automotive-cybersecurity-silicon-valley/srspricing. To schedule a conversation with Walter Capitani, contact Marc Gendron at marc@mgpr.net or +1 617.877.7480.
About GrammaTech
GrammaTech is a leading global provider of application security testing (AST) solutions used by the world’s most security conscious organizations to detect, measure, analyze and resolve vulnerabilities for software they develop or use. The company is also a trusted cybersecurity and artificial intelligence research partner for the nation’s civil, defense, and intelligence agencies. GrammaTech has corporate headquarters in Bethesda MD, a Research and Development Center in Ithaca NY, and publishes Shift Left Academy, an educational resource for software developers. Visit us at https://www.grammatech.com/, and follow us on LinkedIn and Twitter.
CodeSonar® and CodeSentry® are registered trademarks of GrammaTech, Inc.