Yadhu Krishna M. of CRED outlines practical frameworks for reducing software supply chain risk using SBOM-driven visibility and dependency ownership mapping that aligns security priorities with engineering workflows.
Software supply chains introduce systemic risk through base images, third-party dependencies and transitive components that outpace traditional vulnerability management. Mid-to-large organizations struggle to maintain development velocity while establishing accountability, visibility and prioritization across fragmented engineering environments. This session presents a defensive framework that uses software bills of materials (SBOMs) as a control plane to expose runtime risk, resolve ownership across layers, and reduce friction between security and engineering teams.
In this insightful session, Yadhu Krishna M., security engineer at CRED, will discuss:
- Detecting unapproved and outdated base images using layer-level analysis;
- Prioritizing vulnerabilities based on exposure, reachability and service criticality;
- Reducing remediation noise from shared and internal dependency packages.
Here is the course outline:
Securing the Chains: Defensive Layers for Software Supply Chain Risk
Completion
The following certificates are awarded when the course is completed:
CPE Credit Certificate
