#171 - Navigating Software Supply Chain Security (with Cassie Crossley) - podcast episode cover

#171 - Navigating Software Supply Chain Security (with Cassie Crossley)

CISO Tradecraft®
Mar 04, 202447 minEp. 171
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of the book on software supply chain security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they pose. Crossley shares her expert insights on different software source codes and the intricacies of secure development life cycle. She highlights the significance of Software Bill of Materials (SBOM) and the challenges in maintaining the integrity of software products. The discussion also covers the concept of counterfeits in the software world, stressing the need for continuous monitoring and a holistic approach towards cybersecurity.

Link to the Book: https://www.amazon.com/Software-Supply-Chain-Security-End/dp/1098133706?&_encoding=UTF8&tag=-0-0-20&linkCode=ur2

Transcripts: https://docs.google.com/document/d/1SJS2VzyMS-xLF0vlGIgrnn5cOP8feCV9

Chapters

  • 00:00 Introduction
  • 01:44 Discussion on Software Supply Chain Security
  • 02:33 Insights into Secure Development Life Cycle
  • 03:20 Understanding the Importance of Supplier Landscape
  • 05:09 The Role of Security in Software Supply Chain
  • 07:29 The Impact of Vulnerabilities in Software Supply Chain
  • 09:06 The Importance of Secure Software Development Life Cycle
  • 14:13 The Role of Frameworks and Standards in Software Supply Chain Security
  • 17:39 Understanding the Importance of Business Continuity Plan
  • 20:53 The Importance of Security in Agile Development
  • 24:01 Understanding OWASP and Secure Coding
  • 24:20 The Importance of API Security
  • 24:50 The Concept of Shift Left in Software Development
  • 25:20 The Role of Culture in Software Development
  • 25:52 Exploring Different Source Code Types
  • 26:19 The Rise of Low Code, No Code Platforms
  • 28:53 The Potential Risks of Generative AI Source Code
  • 34:24 Understanding Software Bill of Materials (SBOM)
  • 41:07 The Challenge of Spotting Counterfeit Software
  • 41:36 The Importance of Integrity Checks in Software Development
  • 45:45 Closing Thoughts and the Importance of Cybersecurity Awareness
For the best experience, listen in Metacast app for iOS or Android