Sign up to save your podcasts
Or
Share EP100 2022 Accelerate State of DevOps Report and Software Supply Chain Security
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP100 2022 Accelerate State of DevOps Report and Software Supply Chain Security
Guests:
- John Speed Meyers, Security Data Scientist, Chainguard
- Todd Kulesza, User Experience Researcher, Google
Topics:
- How did you get involved with this year's Accelerate State of DevOps Report (DORA report)?
- So what is DORA and why did you decide to focus on supply chain security for the 2022 report?
- What are the big learnings from this year's report?
- What's the difference between SLSA and SSDF? Is one spicy and the other savory? How're companies adopting these and how is adoption going?
- Are there other areas that DevOps can be a contributor in the overall security landscape?
- How can CISOs rope DevOps fully into their security gang?
- Operationally, how should security and developers and DevOps come together to keep vulnerabilities out in the first place?
- How should security and developers and DevOps come together to respond quickly to vulnerabilities when they're discovered?
- How do security and developers and DevOps come together to prove to their auditors and customers that they're doing a good job of the above?
Resources:
- 2022 Accelerate State of DevOps Report
- "New insights for defending the software supply chain" blog (and new report)
- SLSA.dev site
- Secure Software Development Framework at NIST
- "Linking Up The Pieces: Software Supply Chain Security at Google and Beyond" (ep24)
- "Sharing The Mic In Cyber with STMIC Hosts Lauren and Christina: Representation, Psychological Safety, Security" (ep92)
- Go vulncheck tool
- "Reflections on Trusting Trust" paper (1984)
View all episodes
By Anton Chuvakin
4.8
3939 ratings
Guests:
- John Speed Meyers, Security Data Scientist, Chainguard
- Todd Kulesza, User Experience Researcher, Google
Topics:
- How did you get involved with this year's Accelerate State of DevOps Report (DORA report)?
- So what is DORA and why did you decide to focus on supply chain security for the 2022 report?
- What are the big learnings from this year's report?
- What's the difference between SLSA and SSDF? Is one spicy and the other savory? How're companies adopting these and how is adoption going?
- Are there other areas that DevOps can be a contributor in the overall security landscape?
- How can CISOs rope DevOps fully into their security gang?
- Operationally, how should security and developers and DevOps come together to keep vulnerabilities out in the first place?
- How should security and developers and DevOps come together to respond quickly to vulnerabilities when they're discovered?
- How do security and developers and DevOps come together to prove to their auditors and customers that they're doing a good job of the above?
Resources:
- 2022 Accelerate State of DevOps Report
- "New insights for defending the software supply chain" blog (and new report)
- SLSA.dev site
- Secure Software Development Framework at NIST
- "Linking Up The Pieces: Software Supply Chain Security at Google and Beyond" (ep24)
- "Sharing The Mic In Cyber with STMIC Hosts Lauren and Christina: Representation, Psychological Safety, Security" (ep92)
- Go vulncheck tool
- "Reflections on Trusting Trust" paper (1984)
More shows like Cloud Security Podcast by Google
View all
WSJ Your Money Briefing
1,723 Listeners
WSJ What’s News
4,423 Listeners
Security Now (Audio)
2,010 Listeners
Risky Business
373 Listeners
CyberWire Daily
1,026 Listeners
NVIDIA AI Podcast
347 Listeners
Darknet Diaries
8,079 Listeners
Cybersecurity Today
177 Listeners
Practical AI
211 Listeners
Cloud Security Podcast
58 Listeners
Cybersecurity Headlines
140 Listeners
Huberman Lab
29,297 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
683 Listeners
HBR On Leadership
169 Listeners
AI Security Podcast
9 Listeners