Supply chain security isn't new, despite the renewed attention from the Solar Winds attack. It has old challenges, like having an accurate asset or app inventory, and new opportunities, like Software Bill of Materials. From consequences to code integrity, DevOps teams need to understand how to protect their own code from others' components.
Additional resources:
- National Supply Chain Integrity Month, https://www.cisa.gov/supply-chain-integrity-month
- SCRM vendor template, https://www.cisa.gov/publication/ict-scrm-task-force-vendor-template
- CWE VIEW: Hardware Design, https://cwe.mitre.org/data/definitions/1194.html
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw147
The podcast Application Security Weekly (Video) is embedded on this page from an open RSS feed. All files, descriptions, artwork and other metadata from the RSS-feed is the property of the podcast owner and not affiliated with or validated by Podplay.