Matt Rose -- Software Supply Chain Security Means Many Different Things to Different People
Jun 11, 2024
Matt Rose takes listeners on a journey through the intricate world of software supply chain security. He highlights how perceptions vary across the industry and critiques the buzzword 'shift left.' The discussion dives into the roles of digital twins and AI, revealing their potential risks and benefits. Emphasizing threat modeling as a crucial early step, Matt argues for a comprehensive security approach. The conversation also touches on industry trends, the pitfalls of jargon, and the importance of navigating current and emerging security challenges.
Matt Rose's AppSec Origin Story
- Matt Rose entered AppSec accidentally after years in software engineering.
- He became involved early with Fortify and Checkmarx, which shaped his AppSec career.
Supply Chain Security Is Perception
- Software supply chain security means different things to different people, often tied to perception.
- It is commonly confused with physical supply chains, or narrowed to tooling, firmware, or malware in embedded systems.
Shift Security Everywhere, Not Left
- Do not rely solely on software composition analysis (SCA) for supply chain security.
- Shift the security focus everywhere in development, not just "left" to the early stages.