IP Expo: Is the software supply chain putting us at risk?

News by Roi Perez

Josh Corman, founder of I Am the Cavalry, spoke at IP EXPO Europe 2016 and pointed the finger at the software supply chain as the place to tackle cyber-threats, arguing that we need fewer and better suppliers.

Our dependence on connected technology is growing - especially in areas affecting public safety and human life - while our ability to protect it is constantly diminishing.

It is for this reason that Josh Corman, founder of I Am the Cavalry, opened his session at IP EXPO Europe 2016 with a stark reminder that our best is not good enough.

Corman said: “Despite best practices, modern software security has allowed 100 of the FTSE100 to lose IP and sensitive information - even our governments routinely succumb to adversaries. These failure rates cannot stand with the consequences of failure being measured - not in record count - but in human lives and GDP.”

Corman asked the audience when we will act on such grave threats. In his opinion, now that connectivity is moving to connected devices such as pacemakers, front door locks, cameras and fridges, things which could put our lives in danger, this could be the year we reach a turning point in protecting ourselves, the year policymakers pay attention.

Paradoxically, Corman says it may take DevOps to rise to these challenges. Rugged DevOps is finding un-obvious common ground and breakthroughs in software supply chain principles, giving greater visibility and response agility, which should lead to immutable infrastructure and the like.

The reason Corman points the finger at the software supply chain is that every time a developer uses an open source library to speed up development and cut costs, they are also adding millions of lines of code to their end product. Compounded by the way we are connecting everything to everything else, this exposes cyber-physical systems to new accidents and adversaries.

The solution to the problem, according to Corman, lies in advocating for software codes, which will behave a lot like building regulations do in ensuring buildings are safe for human use in case of a disaster.

“Playtime is over,” said Corman, “we need fewer and better suppliers.”   
