Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy
Episode Synopsis
Organizations are turning to DevSecOps to produce code faster and at lower cost, but the reality is that much of the code is actually coming from the software supply chain through code libraries, open source, and third-party components where reuse is rampant. The downside is that this reused code contains defects unknown to the new user, which, in turn, propagate vulnerabilities into new systems. This is troubling news in an operational climate already rife with cybersecurity risk. Organizations must develop a cybersecurity engineering strategy for systems that addresses the integration of DevSecOps with the software supply chain. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Carol Woody, a principal researcher in the SEI's CERT Division, talks with Suzanne Miller about supply-chain issues and the planning needed to integrate software from the supply chain into operational environments. The discussion includes building a cybersecurity engineering strategy for DevSecOps that addresses those supply-chain challenges.
Part of the Software Engineering Institute (SEI) Podcast Series.