August 11, 2022
Security Challenges in Software Development with DevOps and How to Overcome Them
Supply chain attacks are becoming increasingly relevant, and guarding against them requires established security measures across the entire software product lifecycle.
Shiftconnector® has been developed by eschbach GmbH for the process manufacturing industry. The software is used globally by many leading companies such as Bayer, DuPont, BASF and Roche. Shiftconnector is part of these companies’ software supply chains, integrating data with ERP and plant maintenance systems, process signals and more.
Supply chain attacks are becoming increasingly relevant, and established security measures across the entire software product lifecycle are required to guard against them. Well-known attacks such as "NotPetya", the "SolarWinds hack" or the "Kaseya hack" have shown how fatal the effects of a supply chain attack can be; however, implementing appropriate countermeasures is not a trivial matter. eschbach GmbH has conducted comprehensive security analyses to find opportunities for supply chain attacks in DevOps and modern development environments. Based on this, a Secure Software Product LifeCycle (SSPLC) was developed using a variety of established and recognized standards. The SSPLC takes supply chain attacks into account and, by integrating DevSecOps principles, enables the transformation from a DevOps approach to a DevSecOps approach.
Simon Günter, an IT Security Specialist who has been working for eschbach GmbH since 2018, has in-depth expertise in areas such as supply chain attacks, attack analysis and software security. In 2021, he won the sponsorship award of the Association of German Engineers for his work on DevSecOps and software supply chain attacks, and he has already given several expert lectures on these topics.