Resilient Cyber

S2E2: Cole Kennedy - Software Supply Chain Security, SBOM and Open Source

Oct 13, 2021
19:47

I was reading the CISA document "Defending Against Software Supply Chain" and was curious if the guidance within was helpful or informative for anyone who wants to start an S-SCRM program?

What role do you feel compliance frameworks play in SCRM? We are seeing sources such as NIST 800-53 include SCRM specific controls now. Will it help?

What would you say is the most resilient component an individual could add to their own organization to recover quickly in the event of a software supply chain attack?

From the perspective of Cloud, do you feel cloud adoption can help or hinder when it comes to driving down risk associated with the supply chain?

What are the biggest concerns / risks when it comes to building a secure software supply chain program?

I know you've been involved with projects such as TUF and in-toto. Can you help folks understand what those are and why they are valuable?

What does the term "Cyber Resilient" mean to you?

Find out more from Cole at Testify Sec - https://www.testifysec.com/