In a recent interview, Gitlab’s CISO, Francis Ofungwu, spoke about the evolution of workplace security, open-source software supply chain management, and the need for a holistic view of security solutions.

Francis pointed out that organisations are still in the early stages of resolving the challenges of remote working, but they are further behind in managing the open-source software supply chain, including ensuring that the software they release is trustworthy enough to keep the lights on.

He emphasised that the battle around open-source software is just beginning, and it is hard to know exactly where the issues are because of the nested dependencies and connections within the software we use today.

Francis suggested that the value of an SBOM (Software Bill of Materials) lies in demonstrating exactly what the recipe, or the components, of your software is when the next vulnerable library is detected.

This will help reduce the time to resolution for supply chain incidents, which is currently increasing because organisations lack full visibility into the components of their software and the nested dependencies among them.
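To make the point concrete, here is an added example (not code from the interview or from GitLab) that walks the dependency graph recorded in a small, constructed CycloneDX-style SBOM and lists every chain from the application down to a component that has just been reported vulnerable, including the transitive ones that nested dependencies tend to hide.

```python
"""Find every dependency chain in an SBOM that leads to a newly reported
vulnerable component. The SBOM below is constructed for illustration."""
import json

# Constructed CycloneDX-like SBOM: the app pulls in "loglib" both directly
# and transitively through an HTTP client library.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "pkg:app/webapp@2.3.0"}},
    "components": [
        {"bom-ref": "pkg:maven/org.example/httpclient@4.1.0", "name": "httpclient", "version": "4.1.0"},
        {"bom-ref": "pkg:maven/org.example/loglib@1.2.0", "name": "loglib", "version": "1.2.0"},
        {"bom-ref": "pkg:maven/org.example/jsonlib@3.0.1", "name": "jsonlib", "version": "3.0.1"},
    ],
    "dependencies": [
        {"ref": "pkg:app/webapp@2.3.0", "dependsOn": [
            "pkg:maven/org.example/httpclient@4.1.0",
            "pkg:maven/org.example/jsonlib@3.0.1",
            "pkg:maven/org.example/loglib@1.2.0"]},
        {"ref": "pkg:maven/org.example/httpclient@4.1.0", "dependsOn": ["pkg:maven/org.example/loglib@1.2.0"]},
        {"ref": "pkg:maven/org.example/jsonlib@3.0.1", "dependsOn": []},
        {"ref": "pkg:maven/org.example/loglib@1.2.0", "dependsOn": []},
    ],
})


def exposure_paths(sbom_json, name, affected_versions):
    """Return every chain of bom-refs from the root component to a component
    whose name and version match the affected set (empty list if not exposed)."""
    sbom = json.loads(sbom_json)
    root = sbom["metadata"]["component"]["bom-ref"]
    affected = {c["bom-ref"] for c in sbom["components"]
                if c["name"] == name and c["version"] in affected_versions}
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom["dependencies"]}
    paths = []

    def walk(ref, chain):
        chain = chain + [ref]
        if ref in affected:
            paths.append(chain)
        for child in graph.get(ref, []):
            if child not in chain:  # guard against cyclic dependency records
                walk(child, chain)

    walk(root, [])
    return paths


if __name__ == "__main__":
    for path in exposure_paths(SBOM_JSON, "loglib", {"1.2.0"}):
        print(" -> ".join(path))
```

Run against a real SBOM, the same walk tells an incident responder which builds are exposed and through which dependency, which is the visibility the time-to-resolution problem above hinges on.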

Finally, Francis emphasised the need for CISOs and security teams to enable the front line of users, developers, and engineers to manage some risks proactively and efficiently, and to escalate the ones they cannot manage to the security team.

This is what scale looks like, and it’s crucial to ensure the well-being of security personnel who are tasked with managing the tangled mess of software dependencies and components.

Francis will share more on Achieving Security and Compliance as ADAPT gathers 120 Australian leading CISOs at Security Edge.

Contributors
Peter Hind Principal Research Analyst at ADAPT

One of the ICT industry’s foremost analysts and commentators, Peter Hind has spent over 25 years advising and talking on topics across the technology industry. His primary areas of interest are the potential of technology to transform the way organisations operate, the change management obstacles executives encounter in realising this potential, as well as the tactics and techniques leaders have deployed to overcome these difficulties.

With roles across IDC, Unisys, NCR, Sigma Data, and others, Peter now takes on multiple roles within ADAPT including the moderation of private events and roundtables, interviewing business executives about the strategies they are pursuing and assisting with the structuring of delegate surveys.

Francis Ofungwu Global Field CISO at GitLab

I am an experienced information security and digital privacy leader with proficiency in building programs, business development, product management, and leading cross-functional teams. I have a strong track record of leading new initiatives to produce measured value, and transforming existing operations to align with stakeholder expectations.

I am passionate about simplifying complex information security and privacy concepts, and coaching technology professionals in communication and organizational alignment.
