Software Supply Chain Security: All You Need To Know

Researchers found a 633% year-over-year increase in software supply chain attacks in 2022 so far, and there has been an annual, overall increase of 742% since 2019.

In this episode, Barak Brudo (Developer Relations Advocate at Scribe Security) and I discuss some of the finer points of Software Supply Chain Security, from what it is to what you can do today to make your company's code much more secure (hint: use an SBOM).

Episode timeline

00:54 All about our guest
01:40 What does Software Supply Chain even mean?
08:44 Diving into the security aspect of the Software Supply Chain
13:24 Where did the name SBOM come from?
16:14 What does an SBOM report actually look like?
18:51 Talking more about what an SBOM is…
22:32 Does having an SBOM mean you are totally secure?
32:43 What are the shortcomings of using an SBOM?
33:18 Summary & closing

Resources:

An open-source SBOM generation tool: https://github.com/tern-tools/tern

An open-source tool that allows scanning an SBOM for CVEs: https://github.com/anchore/grype
