S6E8: Erez Yalon - AppSec, Supply Chain and Security Research

- What are some of the most interesting developments in the world of software supply chain security (SSCS) in the last 12 months or so?

- It's now been a couple of years since the major fall out of notable incidents such as SolarWinds and Log4j, do you feel like the industry is making headway in addressing software supply chain threats?

- For organizations either just starting or looking to mature their software supply chain maturity, where are some key areas you recommend organizations focus their attention?

- We have a complex landscape from extensive use of open source, SaaS and Cloud providers, partners and third parties, how have you seen firms successfully handle this complexity when it comes to activities such as incident response? 

- There's a bit of a heated debate in the industry underway on point products vs. platforms. I know Checkmarx has a comprehensive AppSec platform. How do you view this debate, and do you think we will always have and see the need for point products, best of breed and comprehensive platforms in the industry?

- You spend a fair bit of time focused on SSCS research, how does your team approach these activities and sharing the insights with the community?

- Checkmarx shares a tremendous amount of informative and insightful research around SSCS. Where can folks learn more and what are some of the interesting projects you all are currently working on?