Supply chain security isn't new, despite the renewed attention from the Solar Winds attack. It has old challenges, like having an accurate asset or app inventory, and new opportunities, like Software Bill of Materials. From consequences to code integrity, DevOps teams need to understand how to protect their own code from others' components.
Additional resources:
- National Supply Chain Integrity Month, https://www.cisa.gov/supply-chain-integrity-month
- SCRM vendor template, https://www.cisa.gov/publication/ict-scrm-task-force-vendor-template
- CWE VIEW: Hardware Design, https://cwe.mitre.org/data/definitions/1194.html
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw147
Podcasten Application Security Weekly (Video) är inbäddad på denna sida från ett öppet RSS-flöde. Alla filer, beskrivningar, bilder och annan metadata från flödet tillhör podcastens ägare och är inte anslutet till eller validerat av Podplay.