Chris Hughes, co-founder of Aquia, joins Chris and Robert on the Application Security Podcast to discuss points from his recent book Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, co-authored with Tony Turner. The conversation touches on the U.S. government in the software supply chain, the definition and benefits of software transparency, the concept of a software bill of materials (SBOM), and the growth of open-source software. The episode also covers crucial topics like compliance versus real security in software startups, the role of SOC 2 in setting security baselines, and the importance of threat modeling in understanding software supply chain risks. They also talk about the imbalance between software suppliers and consumers in terms of information transparency and the burden on developers and engineers to handle vulnerability lists with little context.As an expert in the field, Chris touches on the broader challenges facing the cybersecurity community, including the pitfalls of overemphasizing technology at the expense of building strong relationships and trust. He advocates for a more holistic approach to security, one that prioritizes people over technology.LinksSoftware Transparency: Supply Chain Security in an Era of a Software-Driven Society by Chris Hughes and Tony Turnerhttps://www.wiley.com/en-us/Software+Transparency%3A+Supply+Chain+Security+in+an+Era+of+a+Software+Driven+Society-p-9781394158492Application Security Program Handbook by Derek Fisher https://www.simonandschuster.com/books/Application-Security-Program-Handbook/Derek-Fisher/9781633439818Agile Application Security by Laura Bell, Michael Brunton-Spall, Rich Smith, Jim Birdhttps://www.oreilly.com/library/view/agile-application-security/9781491938836/CNCF Catalog of Supply Chain Compromiseshttps://github.com/cncf/tag-security/blob/main/supply-chain-security/compromises/README.mdFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ver todos los episodios