The Application Security Podcast

Matt Rose -- Software Supply Chain Security Means Many Different Things to Different People

Chris Romeo and Robert Hurlbut Season 11 Episode 14

In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut welcome Matt Rose, an experienced technical AppSec testing leader. Matt discusses his career journey and significant contributions in AppSec. The conversation delves into the nuances of software supply chain security, exploring how different perceptions affect its understanding. Matt provides insights into the XZ compromise, critiques the buzzword 'shift left,' and discusses the role of digital twins and AI in enhancing the supply chain security. He emphasizes the need for a comprehensive approach beyond SCA, the relevance of threat modeling, and the potential risks and benefits of AI in security. The discussion also touches on industry trends, the importance of understanding marketing terms, and the future directions of AppSec.

Mentioned in the episode:

The Application Security Program Handbook by Derek Fisher
https://www.manning.com/books/application-security-program-handbook

Podcast Episode: Derek Fisher – The Application Security Program Handbook
https://youtu.be/DgmlHgNT-UM

Authors mentioned:
Steven E. Ambrose  https://www.simonandschuster.com/authors/Stephen-E-Ambrose/1063454
Mark Frost  https://en.wikipedia.org/wiki/Mark_Frost

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

People on this episode

Podcasts we love

Check out these other fine podcasts recommended by us, not an algorithm.

The Security Table Artwork

The Security Table

Izar Tarandach, Matt Coles, and Chris Romeo