EP100 2022 Accelerate State of DevOps Report and Software Supply Chain Security
Dec 05, 2022•33 min•Season 1Ep. 100
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Guests:
- John Speed Meyers, Security Data Scientist, Chainguard
- Todd Kulesza, User Experience Researcher, Google
Topics:
- How did you get involved with this year’s Accelerate State of DevOps Report (DORA report)?
- So what is DORA and why did you decide to focus on supply chain security for the 2022 report?
- What are the big learnings from this year’s report?
- What’s the difference between SLSA and SSDF? Is one spicy and the other savory? How’re companies adopting these and how is adoption going?
- Are there other areas that DevOps can be a contributor in the overall security landscape?
- How can CISOs rope DevOps fully into their security gang?
- Operationally, how should security and developers and DevOps come together to keep vulnerabilities out in the first place?
- How should security and developers and DevOps come together to respond quickly to vulnerabilities when they’re discovered?
- How do security and developers and DevOps come together to prove to their auditors and customers that they’re doing a good job of the above?
Resources:
- 2022 Accelerate State of DevOps Report
- "New insights for defending the software supply chain" blog (and new report)
- SLSA.dev site
- Secure Software Development Framework at NIST
- “Linking Up The Pieces: Software Supply Chain Security at Google and Beyond” (ep24)
- “Sharing The Mic In Cyber with STMIC Hosts Lauren and Christina: Representation, Psychological Safety, Security” (ep92)
- Go vulncheck tool
- “Reflections on Trusting Trust” paper (1984)
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast