Sign up to save your podcasts
Or
Share S2E2: Cole Kennedy - Software Supply Chain Security, SBOM and Open Source
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
S2E2: Cole Kennedy - Software Supply Chain Security, SBOM and Open Source
I was reading the CISA document "Defending Against Software Supply Chain" and was curious if the guidance within was helpful or informative for anyone who wants to start a S-SCRM program?
What role do you feel compliance frameworks play in SCRM? We are seeing sources such as NIST 800-53 include SCRM specific controls now. Will it help?
What would you say is the most resilient component an individual could add to their own organization to recover quickly in the event of a software supply chain attack?
From the perspective of Cloud, do you feel cloud adoption can help, or hinder when it comes to driving down risk associated with the supply chain?
What are the biggest concerns / risks when it comes to building a secure software supply chain program
I know you've been involved with projects such as TUF and in-toto. Can you help folks understand what those are and why they are valuable?
What does the term "Cyber Resilient" mean to you?
Find out more from Cole at Testify Sec - https://www.testifysec.com/
View all episodes
By Chris Hughes
4.9
1616 ratings
I was reading the CISA document "Defending Against Software Supply Chain" and was curious if the guidance within was helpful or informative for anyone who wants to start a S-SCRM program?
What role do you feel compliance frameworks play in SCRM? We are seeing sources such as NIST 800-53 include SCRM specific controls now. Will it help?
What would you say is the most resilient component an individual could add to their own organization to recover quickly in the event of a software supply chain attack?
From the perspective of Cloud, do you feel cloud adoption can help, or hinder when it comes to driving down risk associated with the supply chain?
What are the biggest concerns / risks when it comes to building a secure software supply chain program
I know you've been involved with projects such as TUF and in-toto. Can you help folks understand what those are and why they are valuable?
What does the term "Cyber Resilient" mean to you?
Find out more from Cole at Testify Sec - https://www.testifysec.com/
More shows like Resilient Cyber
View all
Risky Business
374 Listeners
RunAs Radio
83 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
653 Listeners
CyberWire Daily
1,022 Listeners
Cloud Security Podcast
57 Listeners
Cyber Security Headlines
138 Listeners
Entra.Chat
4 Listeners