The Application Security Podcast

Kyle Kelly -- The Dumpster Fire of Software Supply Chain Security

Jan 30, 2024
Kyle Kelly, Founder of Cram Hacks and a seasoned security consultant, dives into the chaotic landscape of software supply chain security. He provocatively claims it resembles a 'dumpster fire,' shedding light on the urgent need for clearer definitions in the industry. Kyle discusses the impact of governance and regulatory pressures on software development, balancing security policies with innovation. He also critiques unrealistic expectations on developers and emphasizes the necessity for robust practices around open-source components to enhance security.
41:17

Podcast summary created with Snipd AI

Quick takeaways

  • The confusion surrounding software supply chain security arises from differing stakeholder interpretations, hindering effective risk management and targeted solutions.
  • Establishing build reproducibility through tools like lock files is crucial for improving visibility into vulnerabilities and enhancing security measures in software development.
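Added example (not from the episode or from Snipd): a JavaScript check that audits an npm-style lockfile for the properties the second takeaway relies on, exact versions, registry tarball URLs and integrity hashes, and emits the dependency inventory that vulnerability matching needs. The lockfile object, the package names and the integrity strings are constructed for this example.

```javascript
// Audit an npm lockfile (lockfileVersion 3 layout) for the properties that make
// a build reproducible and yield a usable dependency inventory: every package
// has an exact version, an HTTPS registry URL and an integrity hash.
// SAMPLE_LOCK, its package names and its integrity strings are constructed.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/left-pad-ish": {
      version: "1.3.0",
      resolved: "https://registry.example.invalid/left-pad-ish/-/left-pad-ish-1.3.0.tgz",
      integrity: "sha512-PLACEHOLDER_NOT_A_REAL_HASH"
    },
    // Constructed defect: fetched from a moving git branch with no integrity
    // hash, so two builds are not guaranteed to receive the same bytes.
    "node_modules/logger-ish": {
      version: "2.1.0",
      resolved: "git+https://git.example.invalid/logger-ish.git#main"
    }
  }
};

const EXACT_VERSION = /^\d+\.\d+\.\d+/;
const INTEGRITY = /^sha(256|384|512)-\S+$/;

// Returns the inventory (name + version, the input to vulnerability matching)
// and a list of findings; reproducible is true only when nothing was flagged.
function auditLockfile(lock) {
  const inventory = [];
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.split("node_modules/").pop(); // nested and scoped paths
    inventory.push({ name, version: pkg.version });
    if (!EXACT_VERSION.test(pkg.version || "")) findings.push(`${path}: version not pinned`);
    if (!INTEGRITY.test(pkg.integrity || "")) findings.push(`${path}: missing or malformed integrity hash`);
    if (!(pkg.resolved || "").startsWith("https://")) findings.push(`${path}: not resolved to an HTTPS registry URL`);
  }
  return { inventory, findings, reproducible: findings.length === 0 };
}

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```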

Deep dives

The State of Software Supply Chain Security

The current state of software supply chain security is criticized for lacking a clear and actionable definition. Different stakeholders provide varying interpretations of what constitutes software supply chain security, leading to confusion and ineffective practices. For example, incidents like SolarWinds are often categorized as supply chain security issues when they may more accurately fall under application security vulnerabilities. This generalization hampers the industry's ability to address specific risks effectively and to develop targeted solutions.
