Sign up to save your podcasts
Or
Share EP100 2022 Accelerate State of DevOps Report and Software Supply Chain Security
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP100 2022 Accelerate State of DevOps Report and Software Supply Chain Security
Guests:
- John Speed Meyers, Security Data Scientist, Chainguard
- Todd Kulesza, User Experience Researcher, Google
Topics:
- How did you get involved with this year's Accelerate State of DevOps Report (DORA report)?
- So what is DORA and why did you decide to focus on supply chain security for the 2022 report?
- What are the big learnings from this year's report?
- What's the difference between SLSA and SSDF? Is one spicy and the other savory? How're companies adopting these and how is adoption going?
- Are there other areas that DevOps can be a contributor in the overall security landscape?
- How can CISOs rope DevOps fully into their security gang?
- Operationally, how should security and developers and DevOps come together to keep vulnerabilities out in the first place?
- How should security and developers and DevOps come together to respond quickly to vulnerabilities when they're discovered?
- How do security and developers and DevOps come together to prove to their auditors and customers that they're doing a good job of the above?
Resources:
- 2022 Accelerate State of DevOps Report
- "New insights for defending the software supply chain" blog (and new report)
- SLSA.dev site
- Secure Software Development Framework at NIST
- "Linking Up The Pieces: Software Supply Chain Security at Google and Beyond" (ep24)
- "Sharing The Mic In Cyber with STMIC Hosts Lauren and Christina: Representation, Psychological Safety, Security" (ep92)
- Go vulncheck tool
- "Reflections on Trusting Trust" paper (1984)
View all episodes
By Anton Chuvakin
4.8
3939 ratings
Guests:
- John Speed Meyers, Security Data Scientist, Chainguard
- Todd Kulesza, User Experience Researcher, Google
Topics:
- How did you get involved with this year's Accelerate State of DevOps Report (DORA report)?
- So what is DORA and why did you decide to focus on supply chain security for the 2022 report?
- What are the big learnings from this year's report?
- What's the difference between SLSA and SSDF? Is one spicy and the other savory? How're companies adopting these and how is adoption going?
- Are there other areas that DevOps can be a contributor in the overall security landscape?
- How can CISOs rope DevOps fully into their security gang?
- Operationally, how should security and developers and DevOps come together to keep vulnerabilities out in the first place?
- How should security and developers and DevOps come together to respond quickly to vulnerabilities when they're discovered?
- How do security and developers and DevOps come together to prove to their auditors and customers that they're doing a good job of the above?
Resources:
- 2022 Accelerate State of DevOps Report
- "New insights for defending the software supply chain" blog (and new report)
- SLSA.dev site
- Secure Software Development Framework at NIST
- "Linking Up The Pieces: Software Supply Chain Security at Google and Beyond" (ep24)
- "Sharing The Mic In Cyber with STMIC Hosts Lauren and Christina: Representation, Psychological Safety, Security" (ep92)
- Go vulncheck tool
- "Reflections on Trusting Trust" paper (1984)
More shows like Cloud Security Podcast by Google
View all
Security Now (Audio)
2,009 Listeners
Risky Business
372 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,020 Listeners
Smashing Security
319 Listeners
Click Here
416 Listeners
Darknet Diaries
8,061 Listeners
Cybersecurity Today
179 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
189 Listeners
AWS Podcast
204 Listeners
Defense in Depth
74 Listeners
Cloud Security Podcast
57 Listeners
Cyber Security Headlines
139 Listeners
Risky Bulletin
44 Listeners