Improving The Trust In The Software Supply Chain


A few weeks ago Barak Brudo was interviewed on the DevSec For Scale Podcast on the subject of securing the software supply chain.

The main topic covered was the SBOM – what it is, what it is for, and how to use it to increase your visibility, agility, and responsiveness when a vulnerability is disclosed.

The main ingredient we feel is missing from a lot of security schemes today is an integrity check: between the final image or product and what is in the SCM, and between the packages and dependencies you intend to use and the ones you are actually using.

That ever-growing dependency tree is one of the reasons we strongly encourage everyone to use an SBOM in the first place.
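To make the "intended versus actual" check concrete, here is an added example (not code from the podcast or from the author) that compares a declared SBOM, as derived from the SCM lockfile, against an SBOM generated from the built artifact and reports drift. The two SBOMs are constructed inline in a minimal CycloneDX-like shape; the package names and hash values are placeholders, not real project data.

```python
import json

# Constructed sample SBOMs (minimal CycloneDX-like shape, placeholder hashes).
# DECLARED: what the lockfile in the SCM says the build should contain.
# OBSERVED: what an SBOM generated from the final image actually contains.
DECLARED_SBOM = json.dumps({"components": [
    {"purl": "pkg:npm/lodash@4.17.21", "hashes": [{"alg": "SHA-256", "content": "aaaa"}]},
    {"purl": "pkg:npm/express@4.18.2", "hashes": [{"alg": "SHA-256", "content": "bbbb"}]},
]})
OBSERVED_SBOM = json.dumps({"components": [
    {"purl": "pkg:npm/lodash@4.17.21", "hashes": [{"alg": "SHA-256", "content": "aaaa"}]},
    {"purl": "pkg:npm/express@4.18.2", "hashes": [{"alg": "SHA-256", "content": "cccc"}]},
    {"purl": "pkg:npm/example-extra@1.0.0", "hashes": [{"alg": "SHA-256", "content": "dddd"}]},
]})


def index_by_purl(sbom_json, alg="SHA-256"):
    """Map each component's package URL to its digest for the chosen algorithm."""
    out = {}
    for comp in json.loads(sbom_json).get("components", []):
        digest = next((h["content"] for h in comp.get("hashes", []) if h.get("alg") == alg), None)
        out[comp["purl"]] = digest
    return out


def check_integrity(declared_json, observed_json):
    """Return the drift between the intended dependency set and what the artifact ships."""
    declared = index_by_purl(declared_json)
    observed = index_by_purl(observed_json)
    findings = {
        # declared in the SCM but absent from the artifact
        "missing": sorted(set(declared) - set(observed)),
        # present in the artifact but never declared (a transitive or injected addition)
        "unexpected": sorted(set(observed) - set(declared)),
        # same package identity, different bytes: the case a name/version check alone misses
        "hash_mismatch": sorted(p for p in declared.keys() & observed.keys()
                                if declared[p] != observed[p]),
    }
    findings["ok"] = not any(findings[k] for k in ("missing", "unexpected", "hash_mismatch"))
    return findings


if __name__ == "__main__":
    print(json.dumps(check_integrity(DECLARED_SBOM, OBSERVED_SBOM), indent=2))
```

A real pipeline would generate both SBOMs with a tool and fail the release when `ok` is false; the hash comparison is what catches a package that keeps its name and version but not its contents.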

We hope it’s as entertaining as it is educational.