Sign up to save your podcasts
Or
Share Resilient Cyber Podcast - Episode 21 - Dr. Philip Kulp - DevSecOps
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Resilient Cyber Podcast - Episode 21 - Dr. Philip Kulp - DevSecOps
- You have quite a bit of experience and a lot of research into implementing secure software - but we'd like to dig into a little bit about where organizations should start - tools, multiple developers? What kind of baselines should be consider?
- There's an increased focus on secure software supply chains, especially with the recent Executive Order (EO). The EO emphasizes the prevalence of an SBOM and it seems like SBOM's are set to become and industry norm in the not-so-distance future. What are your thoughts around SBOMs and how they can help mitigate or at least shed light on some of the security concerns around external third parties, insecure dependencies, and the organizations overall software consumption?
- There are multiple vectors for insecure external code to be introduced into an application. How should organizations be protecting their applications in the context of third-party libraries?
- With some of those major pain points in developing a secure software program, how can organizations integrate security and secure practices with Developers?
- There are some leading industry resources such as the OWASP Software Assurance Maturity Model (SAMM) and Building Security in Maturity Model (BSIMM) for organizations to leverage to support their software security initiatives. Have you seen organizations have much success with these approaches and do you have any advice on this front in terms of how to adopt and use these resources?
- Now that we've covered how to integrate security into Development teams, how can we integrate secure practices into Operations teams?
- What are some resources that Developers, Operations, and Management can look to when they're trying to integrate secure practices into their pipelines?
- What does cyber resilience mean to you in the context of DevSecOps practices?
View all episodes
By Chris Hughes
4.9
1616 ratings
- You have quite a bit of experience and a lot of research into implementing secure software - but we'd like to dig into a little bit about where organizations should start - tools, multiple developers? What kind of baselines should be consider?
- There's an increased focus on secure software supply chains, especially with the recent Executive Order (EO). The EO emphasizes the prevalence of an SBOM and it seems like SBOM's are set to become and industry norm in the not-so-distance future. What are your thoughts around SBOMs and how they can help mitigate or at least shed light on some of the security concerns around external third parties, insecure dependencies, and the organizations overall software consumption?
- There are multiple vectors for insecure external code to be introduced into an application. How should organizations be protecting their applications in the context of third-party libraries?
- With some of those major pain points in developing a secure software program, how can organizations integrate security and secure practices with Developers?
- There are some leading industry resources such as the OWASP Software Assurance Maturity Model (SAMM) and Building Security in Maturity Model (BSIMM) for organizations to leverage to support their software security initiatives. Have you seen organizations have much success with these approaches and do you have any advice on this front in terms of how to adopt and use these resources?
- Now that we've covered how to integrate security into Development teams, how can we integrate secure practices into Operations teams?
- What are some resources that Developers, Operations, and Management can look to when they're trying to integrate secure practices into their pipelines?
- What does cyber resilience mean to you in the context of DevSecOps practices?
More shows like Resilient Cyber
View all
Hacked
184 Listeners
Risky Business
375 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
CyberWire Daily
1,017 Listeners
The Application Security Podcast
36 Listeners
Darknet Diaries
8,010 Listeners
Cybersecurity Today
175 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
73 Listeners
Cloud Security Podcast
57 Listeners
All-In with Chamath, Jason, Sacks & Friedberg
9,830 Listeners
Cyber Security Headlines
134 Listeners
CISO Tradecraft®
48 Listeners
AI Security Podcast
4 Listeners