A few weeks ago I was interviewed on the DevSec For Scale Podcast on the subject of securing the software supply chain.
The main topic was the SBOM: what it is, what it is for, and how to use it to increase your visibility, agility, and responsiveness when a vulnerability surfaces.
The main ingredient I feel is missing from a lot of security schemes today is the check for integrity: between the final image or product and the SCM, and between the packages and dependencies you intend to use and the ones you are actually using.
That ever-growing dependency tree is one of the reasons I strongly encourage everyone to use an SBOM in the first place.
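The integrity check described above, between the dependencies an SBOM declares and the artifacts that actually end up in a build, is easy to show concretely. The following is an added example, not code from the post or the podcast: it uses a constructed, simplified CycloneDX-style component list (only `name` and a `SHA-256` hash entry, which is an assumed shape rather than a full SBOM), constructed artifact bytes for both the pinned and the as-built state, and reports digest mismatches, declared-but-missing components and components present in the build that the SBOM never listed.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample: "what you intend to use", the artifact bytes as they were
# when each dependency was pinned and the SBOM was generated.
PINNED_ARTIFACTS = {
    "libfoo-1.2.3.tar.gz": b"libfoo release 1.2.3 contents",
    "libbar-0.9.0.tar.gz": b"libbar release 0.9.0 contents",
    "libbaz-2.0.1.tar.gz": b"libbaz release 2.0.1 contents",
}

# Simplified SBOM derived from the pinned artifacts. The field names follow the
# CycloneDX style (components / hashes / alg / content) but this is an assumed,
# minimal shape, not a complete SBOM document.
DECLARED_SBOM = {
    "components": [
        {"name": name, "hashes": [{"alg": "SHA-256", "content": sha256_hex(data)}]}
        for name, data in PINNED_ARTIFACTS.items()
    ]
}

# Constructed sample: "what you're actually using", i.e. what landed in the build
# context. libbar has the same name but different bytes, libbaz is absent, and
# libqux is present although the SBOM never declared it.
BUILD_ARTIFACTS = {
    "libfoo-1.2.3.tar.gz": b"libfoo release 1.2.3 contents",
    "libbar-0.9.0.tar.gz": b"libbar release 0.9.0 contents, modified",
    "libqux-3.3.3.tar.gz": b"libqux release 3.3.3 contents",
}


def verify_integrity(sbom: dict, actual: dict) -> dict:
    """Compare the SBOM's SHA-256 digests against the artifacts actually present.

    Returns a report with three lists:
      mismatched  - declared component present, but its digest differs
      missing     - declared component not present in the build at all
      undeclared  - artifact present in the build but absent from the SBOM
    """
    declared = {}
    for comp in sbom["components"]:
        digests = {h["alg"]: h["content"] for h in comp.get("hashes", [])}
        if "SHA-256" not in digests:
            # A component without a verifiable digest cannot be checked; fail closed.
            raise ValueError(f"component {comp['name']} has no SHA-256 digest")
        declared[comp["name"]] = digests["SHA-256"]

    report = {"mismatched": [], "missing": [], "undeclared": []}
    for name, expected in declared.items():
        if name not in actual:
            report["missing"].append(name)
        elif sha256_hex(actual[name]) != expected:
            report["mismatched"].append(name)
    for name in actual:
        if name not in declared:
            report["undeclared"].append(name)
    return report


def is_clean(report: dict) -> bool:
    """True only when every declared component is present with the expected digest
    and nothing undeclared has crept into the build."""
    return not any(report.values())


if __name__ == "__main__":
    result = verify_integrity(DECLARED_SBOM, BUILD_ARTIFACTS)
    for category, names in result.items():
        for name in names:
            print(f"{category}: {name}")
    print("build matches SBOM" if is_clean(result) else "build does NOT match SBOM")
```

The three categories matter for different reasons: a mismatch means a component was altered after it was pinned, a missing component means the build is not what the SBOM describes, and an undeclared component is exactly the kind of silently pulled-in dependency that makes the SBOM incomplete. Any of the three should fail the build rather than only be logged.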
I hope it’s as entertaining as it is educational.
Barak Brudo / March 31, 2022