JFrog Securing the Software Supply Chain: A CISO's Action Plan for Financial Services

The financial sector faces growing supply chain risks from third-party and open-source vulnerabilities. This virtual roundtable explores visibility across "shift left" (early development security) and "shift right" (production monitoring) practices.
While shift-left embeds security in development and shift-right handles the promotion and monitoring of software in production, both approaches face distinct challenges with security control gates, compliance and traceability. AI's role in security is also examined: it shows promise in code analysis and threat detection, but still offers limited support for incident response. While agentic AI creates automation opportunities, and the Model Context Protocol (MCP) has the potential to accelerate the delivery of AI-enabled solutions, the reality is that security controls for these areas are in their infancy.
Session Overview:
- Examines challenges in unifying shift-left (early security) and shift-right (runtime monitoring) in DevSecOps.
- Explores gaps in CI/CD security, cloud access complexity, and the struggle to balance speed with compliance.
- Highlights AI's promise in automation and threat detection, but warns of risks such as false positives and limited incident-response support.
- Covers emerging tools like Agentic AI and Model Context Protocol (MCP), emphasizing the need for oversight and safeguards in AI/ML-Ops.
- Offers strategies for securing supply chains and aligning AI innovation with regulatory requirements in financial institutions.
This roundtable concludes with strategies for financial institutions to balance traditional and AI-driven controls, focusing on compliance monitoring and hardening supply chains against various threats.
Seats are limited—reserve your spot today!