S4E20: Luke Hinds & Craig McLuckie - The Founders Journey & Software Supply Chain Security

- First off, can you each tell us a bit about your backgrounds and experience in the space?

- What made you all decide to found Stacklok, what gaps and opportunities in the ecosystem did you see?

- What are your thoughts around the industry's response to software supply chain security and how do you see things such as OSS and Sigstore playing a role?

- While we've seen tremendous adoption of OSS and for reasons such as speed to market, the robust OSS community, innovation and more, as you both know, OSS has its concerns too, such as pedigree/provenance, known vulnerabilities, lack of maintenance and support etc. How do organizations balance these concerns while still taking advantage of OSS?

- No software supply chain security discussions would be complete without touching on SBOM, which has gotten a lot of industry attention on the topics. What are each of your thoughts on SBOM?

- Another topic that is around every corner lately is AI and the disruption it will cause. We're seeing organizations integrate and market AI into every possible use case when it comes to cybersecurity while there is also a lot of FUD about malicious actors using AI and even calling it a possible "extinction event". What is your take on AI and the role it is and will have on software supply chain and cyber?