Secure Software Supply-Chain

2022/9/28
The Cloudcast

Dan Lorenc (@lorenc_dan, Founder/CEO @chainguard_dev) talks about modern software-supply chains, Sigstore and SBOM.

SHOW: 655

CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw

CHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"

SHOW SPONSORS:

  • Datadog Application Monitoring: Modern Application Performance Monitoring
  • Get started monitoring service dependencies to eliminate latency and errors and enhance your users' app experience with a free 14-day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.
  • CDN77 - Content Delivery Network Optimized for Video
  • 85% of users stop watching a video because of stalling and rebuffering. Rely on CDN77 to deliver a seamless online experience to your audience. Ask for a free trial with no duration or traffic limits.

SHOW NOTES:

  • Chainguard (homepage)
  • Sigstore - standard for signing, verifying and protecting software
  • CISA SBOM (Software Bill of Materials)

**Topic 1 -** Welcome to the show. Let’s talk about your background, and what led you to found Chainguard.

**Topic 2 -** Over the last couple of years, we’ve seen several high-profile hacks where malicious code was a big part of the problem. As an industry, where are we in terms of managing the security around software?

**Topic 3 -** Now that we’re building software much faster, and software is coming from so many different (and often unknown/untrusted) places, what are some of the technology shifts that are happening to address these new environments?

**Topic 4 -** Chainguard is focused on both secure container images and now secure supply-chain solutions. Walk us through how your offerings fit into today’s software challenges.

**Topic 5 -** There is a new term we’re hearing quite a bit, SBOM (Software Bill of Materials). How does SBOM fit into this bigger picture? What are the technologies behind the scenes that make it possible?

**Topic 6 -** For anyone focusing on this area, what are some good ways to get involved with the new technologies and ways of thinking about software security?

FEEDBACK?

  • Email: show at the cloudcast dot net
  • Twitter: @thecloudcastnet