Sveriges mest populära poddar
Start / The Application Security Podcast / Chris hughes software transparency

The Application Security Podcast

Chris Hughes -- Software Transparency

39 min • 20 januari 2024

Chris Hughes, co-founder of Aquia, joins Chris and Robert on the Application Security Podcast to discuss points from his recent book Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, co-authored with Tony Turner. The conversation touches on the U.S. government in the software supply chain, the definition and benefits of software transparency, the concept of a software bill of materials (SBOM), and the growth of open-source software.

The episode also covers crucial topics like compliance versus real security in software startups, the role of SOC 2 in setting security baselines, and the importance of threat modeling in understanding software supply chain risks. They also talk about the imbalance between software suppliers and consumers in terms of information transparency and the burden on developers and engineers to handle vulnerability lists with little context.

As an expert in the field, Chris touches on the broader challenges facing the cybersecurity community, including the pitfalls of overemphasizing technology at the expense of building strong relationships and trust. He advocates for a more holistic approach to security, one that prioritizes people over technology.

Links

Software Transparency: Supply Chain Security in an Era of a Software-Driven Society by Chris Hughes and Tony Turner
https://www.wiley.com/en-us/Software+Transparency%3A+Supply+Chain+Security+in+an+Era+of+a+Software+Driven+Society-p-9781394158492

Application Security Program Handbook by Derek Fisher https://www.simonandschuster.com/books/Application-Security-Program-Handbook/Derek-Fisher/9781633439818

Agile Application Security by Laura Bell, Michael Brunton-Spall, Rich Smith, Jim Bird
https://www.oreilly.com/library/view/agile-application-security/9781491938836/

CNCF Catalog of Supply Chain Compromises
https://github.com/cncf/tag-security/blob/main/supply-chain-security/compromises/README.md

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Kategorier
NyheterPoddarTekniknyheterTeknologi
Förekommer på
Teknik
00:00 -00:00
Hur lyssnar jag på podcast?

En liten tjänst av I'm With Friends. Finns även på engelska.