From Codes to Security by Design: Navigating Software Cybersecurity

She Said Privacy/He Said Security Podcast

Shanti Ariker is the Chief Legal Officer of JFrog (NASDAQ: FROG), where she leads the company’s global legal policy development and compliance. She is a solution-creator with global legal expertise, leveraging more than 20 years of experience working with high-growth technology companies to act as a trusted business advisor to CEO and executive teams and public company Boards of Directors.

In this episode…

The rise in cyber risks is placing increased pressure on companies to closely examine their software and code and integrate security measures into every stage of the software development process. And, with the SEC cyber rule requiring publicly traded companies to report material breaches, there’s an increased need for companies to perform thorough due diligence on their vendors, especially those incorporating AI into their products. So, how can businesses protect their supply chains in such a volatile environment?

Supply chain security is not a one-time task but an ongoing process that demands continuous integration of security throughout the software lifecycle. Companies like JFrog, a software supply chain platform, recognize this and utilize a security by design approach to help companies reduce cyber risk by embedding security protocols into every stage of its software design process, securing each piece of code at the binary level before it reaches the end user.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Shanti Ariker, the Chief Legal Officer at JFrog, about the complexities of securing the software supply chain in today’s tech and regulatory landscapes. Shanti explains how JFrog embeds security by design principles into every stage of software development to help companies mitigate cyber risks, while enabling companies to conduct thorough due diligence on their suppliers' cybersecurity, legal, IT, and privacy practices. She also emphasizes the need for companies to implement a robust AI review process, particularly for third-party vendors incorporating AI into their products to gain a holistic review of the cybersecurity, data privacy, and regulatory compliance implications.
