Sign up to save your podcasts
Or
Share Chris Hughes -- Software Transparency
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Chris Hughes -- Software Transparency
Chris Hughes, co-founder of Aquia, joins Chris and Robert on the Application Security Podcast to discuss points from his recent book Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, co-authored with Tony Turner. The conversation touches on the U.S. government in the software supply chain, the definition and benefits of software transparency, the concept of a software bill of materials (SBOM), and the growth of open-source software.
The episode also covers crucial topics like compliance versus real security in software startups, the role of SOC 2 in setting security baselines, and the importance of threat modeling in understanding software supply chain risks. They also talk about the imbalance between software suppliers and consumers in terms of information transparency and the burden on developers and engineers to handle vulnerability lists with little context.
As an expert in the field, Chris touches on the broader challenges facing the cybersecurity community, including the pitfalls of overemphasizing technology at the expense of building strong relationships and trust. He advocates for a more holistic approach to security, one that prioritizes people over technology.
Links
Software Transparency: Supply Chain Security in an Era of a Software-Driven Society by Chris Hughes and Tony Turner
https://www.wiley.com/en-us/Software+Transparency%3A+Supply+Chain+Security+in+an+Era+of+a+Software+Driven+Society-p-9781394158492
Application Security Program Handbook by Derek Fisher https://www.simonandschuster.com/books/Application-Security-Program-Handbook/Derek-Fisher/9781633439818
Agile Application Security by Laura Bell, Michael Brunton-Spall, Rich Smith, Jim Bird
https://www.oreilly.com/library/view/agile-application-security/9781491938836/
CNCF Catalog of Supply Chain Compromises
https://github.com/cncf/tag-security/blob/main/supply-chain-security/compromises/README.md
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
View all episodes
By Chris Romeo and Robert Hurlbut
5
3636 ratings
Chris Hughes, co-founder of Aquia, joins Chris and Robert on the Application Security Podcast to discuss points from his recent book Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, co-authored with Tony Turner. The conversation touches on the U.S. government in the software supply chain, the definition and benefits of software transparency, the concept of a software bill of materials (SBOM), and the growth of open-source software.
The episode also covers crucial topics like compliance versus real security in software startups, the role of SOC 2 in setting security baselines, and the importance of threat modeling in understanding software supply chain risks. They also talk about the imbalance between software suppliers and consumers in terms of information transparency and the burden on developers and engineers to handle vulnerability lists with little context.
As an expert in the field, Chris touches on the broader challenges facing the cybersecurity community, including the pitfalls of overemphasizing technology at the expense of building strong relationships and trust. He advocates for a more holistic approach to security, one that prioritizes people over technology.
Links
Software Transparency: Supply Chain Security in an Era of a Software-Driven Society by Chris Hughes and Tony Turner
https://www.wiley.com/en-us/Software+Transparency%3A+Supply+Chain+Security+in+an+Era+of+a+Software+Driven+Society-p-9781394158492
Application Security Program Handbook by Derek Fisher https://www.simonandschuster.com/books/Application-Security-Program-Handbook/Derek-Fisher/9781633439818
Agile Application Security by Laura Bell, Michael Brunton-Spall, Rich Smith, Jim Bird
https://www.oreilly.com/library/view/agile-application-security/9781491938836/
CNCF Catalog of Supply Chain Compromises
https://github.com/cncf/tag-security/blob/main/supply-chain-security/compromises/README.md
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More shows like The Application Security Podcast
View all
Risky Business
372 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,021 Listeners
Thoughtworks Technology Podcast
43 Listeners
Darknet Diaries
8,061 Listeners
Application Security Weekly (Audio)
12 Listeners
Application Security Weekly (Video)
4 Listeners
Cybersecurity Today
179 Listeners
CISO Series Podcast
189 Listeners
The Peter Attia Drive
8,487 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
139 Listeners
Risky Bulletin
44 Listeners
The Rundown
413 Listeners
The Security Table
2 Listeners