ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Steve Springett — An insiders checklist for Software Composition Analysis"
Episode Synopsis
Steve Springett is a technologist, husband, father, entrepreneur, and tequila aficionado. He is the creator of the OWASP @DependencyTrack and @CycloneDX_Spec. In this conversation, we begin with the problem of software supply chain risk and the failures of commercial Software Composition Analysis tools. We then go through an extensive list of criteria for purchasing a software composition analysis tool. I have never seen a list like this ever shared anywhere in the industry. Steve is definitely in the know when it comes to these types of tools, and this is a detailed checklist of what he looks for in a tool. We end with a 60-second update on Dependency Track.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More episodes of the podcast The Application Security Podcast
OWASP Candidate Debate - 2025 Edition
15/10/2025
Francesco Cipollone - Agentic AI Manifesto
23/09/2025
Getting Ready for the EU CRA
20/08/2025
Marisa Fagan - Measuring Security Culture
05/08/2025
Sean Varga -- OWASP Top 10 for AppSec Sales
15/07/2025
In God we trust