18 min listen
Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy
Length: 32 minutes
Released: Mar 22, 2022
Format: Podcast episode
Description
Organizations are turning to DevSecOps to produce code faster and at lower cost, but the reality is that much of the code is actually coming from the software supply chain through code libraries, open source, and third-party components where reuse is rampant. The downside is that this reused code contains defects unknown to the new user, which, in turn, propagate vulnerabilities into new systems. This is troubling news in an operational climate already rife with cybersecurity risk. Organizations must develop a cybersecurity engineering strategy for systems that addresses the integration of DevSecOps with the software supply chain. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Carol Woody, a principal researcher in the SEI’s CERT Division, talks with Suzanne Miller about supply-chain issues and the planning needed to integrate software from the supply chain into operational environments. The discussion includes building a cybersecurity engineering strategy for DevSecOps that addresses those supply-chain challenges.