BEGIN:VCALENDAR VERSION:2.0 PRODID:IEEE vTools.Events//EN CALSCALE:GREGORIAN BEGIN:VTIMEZONE TZID:Pacific/Honolulu BEGIN:STANDARD DTSTART:19470608T023000 TZOFFSETFROM:-1130 TZOFFSETTO:-1000 TZNAME:HST END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTAMP:20240308T002705Z UID:B17437BB-466C-43D9-A6D1-5E82069E2CE1 DTSTART;TZID=Pacific/Honolulu:20231011T173000 DTEND;TZID=Pacific/Honolulu:20231011T193000 DESCRIPTION:Secure Sourcing of COTS Products\n\nSystems are built by integr ating components upwards from the lowest level of the supply chain to the finished\, often highly complex\, product. That upward integration process represents a potential security weakness. In that\, without direct scruti ny or control from the OEM it is possible to surreptitiously insert malici ous code\, or counterfeit parts at the bottom of a multilevel\, or offshor ed\, build. And inevitably any malicious object that is inserted down the integration ladder will then be integrated into the end-product\, the most recent example being the SolarWinds hack of 2021.\n\nThe possibility of s uch a thing occurring is so obvious that you would think that there have b een practical efforts to address it. However\, even though we’ve expende d a lot of time and effort to ensure robust\, efficient and defect-free co de production\, we have done very little to ensure against compromises tha t might occur during the integration process. So\, the aim of this talk is to outline the challenge of supply chain risk\, as well as present a coup le of potential solutions from the automobile industry.\n\nCo-sponsored by : HTDC\, Entrepreneurs Sandbox\, & Hub Coworking\n\nSpeaker(s): Dan Shoema ker\n\nAgenda: \nThis is a hybrid event. The speaker will present remotely and hold a live Q&A session.\n\nPlease register to help us manage the hea dcount and food.\n\nRoom: Purple Box\, Entrepreneurs Sandbox\, 643 Ilalo S t\, Honolulu\, Hawaii\, United States\, 96813\, Virtual: https://events.vt ools.ieee.org/m/365442 LOCATION:Room: Purple Box\, Entrepreneurs Sandbox\, 643 Ilalo St\, Honolulu \, Hawaii\, United States\, 96813\, Virtual: https://events.vtools.ieee.or g/m/365442 ORGANIZER:eugene.chang@ieee.org SEQUENCE:41 SUMMARY:Secure Sourcing of COTS Software URL;VALUE=URI:https://events.vtools.ieee.org/m/365442 X-ALT-DESC:Description: <br /><p><span style="font-size: 14pt\;"><strong>Se cure Sourcing of COTS Products</strong></span></p>\n<p><span style="font-s ize: 14pt\;">Systems are built by integrating components upwards from the lowest level of the supply chain to the finished\, often highly complex\, product.<span class="Apple-converted-space">&nbsp\; </span>That upward int egration process represents a potential security weakness. In that\, witho ut direct scrutiny or control from the OEM it is possible to surreptitious ly insert malicious code\, or counterfeit parts at the bottom of a multile vel\, or offshored\, build. And inevitably any malicious object that is in serted down the integration ladder will then be integrated into the end-pr oduct\, the most recent example being the SolarWinds hack of 2021.<span cl ass="Apple-converted-space">&nbsp\;</span></span></p>\n<p><span style="fon t-size: 14pt\;">The possibility of such a thing occurring is so obvious th at you would think that there have been practical efforts to address it. H owever\, even though we&rsquo\;ve expended a lot of time and effort to ens ure robust\, efficient and defect-free code production\, we have done very little to ensure against compromises that might occur during the integrat ion process. So\, the aim of this talk is to outline the challenge of supp ly chain risk\, as well as present a couple of potential solutions from th e automobile industry. <span class="Apple-converted-space">&nbsp\;</span>< /span></p><br /><br />Agenda: <br /><p><span style="font-size: 14pt\;">Thi s is a hybrid event. The speaker will present remotely and hold a live Q&a mp\;A session.</span></p>\n<p><span style="font-size: 14pt\;">Please regis ter to help us manage the headcount and food.</span></p> END:VEVENT END:VCALENDAR