Secure Software Supply-Chain
Episode description
Dan Lorenc (@lorenc_dan, Founder/CEO @chainguard_dev) talks about modern software-supply chains, Sigstore and SBOM.
SHOW: 655
CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw
CHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"
SHOW SPONSORS:
- Datadog Application Monitoring: Modern Application Performance Monitoring
- Get started monitoring service dependencies to eliminate latency and errors and enhance your users app experience with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.
- CDN77 - Content Delivery Network Optimized for Video
- 85% of users stop watching a video because of stalling and rebuffering. Rely on CDN77 to deliver a seamless online experience to your audience. Ask for a free trial with no duration or traffic limits.
SHOW NOTES:
- Chainguard (homepage)
- Sigstore - standard for signing, verifying and protecting software
- CISA SBOM (Software Bill of Materials)
Topic 1 - Welcome to the show. Let’s talk about your background, and led you to found Chainguard.
Topic 2 - Over the last couple years, we’ve seen several high-profile hacks where malicious code was a big part of the problem. As an industry, where are we in terms of managing the security around software?
Topic 3 - Now that we’re building software much faster, and software is coming from so many different (and often unknown/untrusted) places, what are some of the technology shifts that are happening to address these new environments?
Topic 4 - Chainguard is focused on both secure container images and now secure supply-chain solutions. Walk us through how your offers fit into today’s software challenges.
Topic 5 - There is a new term we’re hearing quite a bit, SBOM (Secure Bill of Materials). How does SBOM fit into this bigger picture? What are the technologies behind the scenes that make it possible?
Topic 6 - For anyone focusing on this area, what are some good ways to get involved with the new technologies and way of thinking about software security?
FEEDBACK?
- Email: show at the cloudcast dot net
- Twitter: @thecloudcastnet