46 min
#171 - Navigating Software Supply Chain Security (with Cassie Crossley) CISO Tradecraft®
-
- Technology
In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of the book on software supply chain security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they pose. Crossley shares her expert insights on different software source codes and the intricacies of secure development life cycle. She highlights the significance of Software Bill of Materials (SBOM) and the challenges in maintaining the integrity of software products. The discussion also covers the concept of counterfeits in the software world, stressing the need for continuous monitoring and a holistic approach towards cybersecurity.
Link to the Book: https://www.amazon.com/Software-Supply-Chain-Security-End/dp/1098133706?&_encoding=UTF8&tag=-0-0-20&linkCode=ur2
Transcripts: https://docs.google.com/document/d/1SJS2VzyMS-xLF0vlGIgrnn5cOP8feCV9
Chapters
00:00 Introduction
01:44 Discussion on Software Supply Chain Security
02:33 Insights into Secure Development Life Cycle
03:20 Understanding the Importance of Supplier Landscape
05:09 The Role of Security in Software Supply Chain
07:29 The Impact of Vulnerabilities in Software Supply Chain
09:06 The Importance of Secure Software Development Life Cycle
14:13 The Role of Frameworks and Standards in Software Supply Chain Security
17:39 Understanding the Importance of Business Continuity Plan
20:53 The Importance of Security in Agile Development
24:01 Understanding OWASP and Secure Coding
24:20 The Importance of API Security
24:50 The Concept of Shift Left in Software Development
25:20 The Role of Culture in Software Development
25:52 Exploring Different Source Code Types
26:19 The Rise of Low Code, No Code Platforms
28:53 The Potential Risks of Generative AI Source Code
34:24 Understanding Software Bill of Materials (SBOM)
41:07 The Challenge of Spotting Counterfeit Software
41:36 The Importance of Integrity Checks in Software Development
45:45 Closing Thoughts and the Importance of Cybersecurity Awareness
In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of the book on software supply chain security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they pose. Crossley shares her expert insights on different software source codes and the intricacies of secure development life cycle. She highlights the significance of Software Bill of Materials (SBOM) and the challenges in maintaining the integrity of software products. The discussion also covers the concept of counterfeits in the software world, stressing the need for continuous monitoring and a holistic approach towards cybersecurity.
Link to the Book: https://www.amazon.com/Software-Supply-Chain-Security-End/dp/1098133706?&_encoding=UTF8&tag=-0-0-20&linkCode=ur2
Transcripts: https://docs.google.com/document/d/1SJS2VzyMS-xLF0vlGIgrnn5cOP8feCV9
Chapters
00:00 Introduction
01:44 Discussion on Software Supply Chain Security
02:33 Insights into Secure Development Life Cycle
03:20 Understanding the Importance of Supplier Landscape
05:09 The Role of Security in Software Supply Chain
07:29 The Impact of Vulnerabilities in Software Supply Chain
09:06 The Importance of Secure Software Development Life Cycle
14:13 The Role of Frameworks and Standards in Software Supply Chain Security
17:39 Understanding the Importance of Business Continuity Plan
20:53 The Importance of Security in Agile Development
24:01 Understanding OWASP and Secure Coding
24:20 The Importance of API Security
24:50 The Concept of Shift Left in Software Development
25:20 The Role of Culture in Software Development
25:52 Exploring Different Source Code Types
26:19 The Rise of Low Code, No Code Platforms
28:53 The Potential Risks of Generative AI Source Code
34:24 Understanding Software Bill of Materials (SBOM)
41:07 The Challenge of Spotting Counterfeit Software
41:36 The Importance of Integrity Checks in Software Development
45:45 Closing Thoughts and the Importance of Cybersecurity Awareness
46 min