
EP100 2022 Accelerate State of DevOps Report and Software Supply Chain Security

Guests:
- John Speed Meyers, Security Data Scientist, Chainguard
- Todd Kulesza, User Experience Researcher, Google
Topics:
- How did you get involved with this year’s Accelerate State of DevOps Report (DORA report)?
- So what is DORA and why did you decide to focus on supply chain security for the 2022 report?
- What are the big learnings from this year’s report?
- What’s the difference between SLSA and SSDF? Is one spicy and the other savory? How’re companies adopting these and how is adoption going?
- Are there other areas that DevOps can be a contributor in the overall security landscape?
- How can CISOs rope DevOps fully into their security gang?
- Operationally, how should security and developers and DevOps come together to keep vulnerabilities out in the first place?
- How should security and developers and DevOps come together to respond quickly to vulnerabilities when they’re discovered?
- How do security and developers and DevOps come together to prove to their auditors and customers that they’re doing a good job of the above?
Resources:
- 2022 Accelerate State of DevOps Report
- "New insights for defending the software supply chain" blog (and new report)
- SLSA.dev site
- Secure Software Development Framework at NIST
- “Linking Up The Pieces: Software Supply Chain Security at Google and Beyond” (ep24)
- “Sharing The Mic In Cyber with STMIC Hosts Lauren and Christina: Representation, Psychological Safety, Security” (ep92)
- Go vulncheck tool
- “Reflections on Trusting Trust” paper (1984)