We’re excited to welcome back Derek Weeks, recognized as the world’s foremost researcher on the topic of DevSecOps and securing software supply chains, to the podcast! Derek shares insights on just how little has changed relative to securing software supply chains and using SBOMs in the two years since we last caught up with him. For those new to SBOMs, they are like the nutritional label on a cereal box except for open source software (OSS). We're we’re seeing astronomical growth in organizations’ use of OSS to the tune of 3+ trillion downloads in 2023. And even with events such as Log4j within the last year, we still haven’t had the cataclysmic event to act as a forcing function for more organizations to embrace SBOMs. This has opened the door for the U.S. Government to bring to the table the Securing Open Source Software Act of 2022. Derek also shares perspective on the importance of automation, accountability for supply chain security, investment range for industry to improve the security of code the next two years, and today’s realities for those buying cyber insurance.
Derek Weeks, Cybersecurity Advocate
Derek E. Weeks is the world’s foremost researcher on the topic of DevSecOps and securing software supply chains. For the past seven years, he has championed the research of the annual State of the Software Supply Chain Report and the DevSecOps Community Survey. Derek is also the co-founder of All Day DevOps, an online community of 95,000 IT professionals. In 2018, Derek was recognized by DevOps.com as the “Best DevOps Evangelist” for his work in the community.
For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e204