Software Supply Chain Security - Key Terms, Players, And Projects You Need To Know About

Feb 13, 2023 | 41 min | Season 8 | Ep. 127
Episode description

When we stop to think about the software running in our production environments, a large proportion of it is very likely open source. Are there effective mechanisms to truly understand and have visibility into all of these libraries? How do you ensure that these libraries are secure? To answer these questions, we feature input from Guy Podjarny, Lena Smart, Brian Behlendorf, Aeva Black, Emily Fox, Jim Zemlin, David Wheeler and Simon Maple as we dissect some key terms and promising projects in the software supply chain security space. Tuning in, you’ll learn what the term SBOM means, why the problem of securing the open-source pipeline is such a complex one, and what organizations like the Open Source Software Foundation (SSF) and Open Source Initiative (OSI) are doing to address it. We also introduce some key players that can provide you with assistance as you work to improve your own open-source security or software supply chain security posture. For all this and more, you won’t want to miss part two of The Secure Developer’s software supply chain security series! 