#171 - Navigating Software Supply Chain Security (with Cassie Crossley)

CISO Tradecraft® - A podcast by G Mark Hardy & Ross Young - Mondays

In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of a book on software supply chain security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they pose. Crossley shares her expert insights on the different kinds of source code and the intricacies of the secure development life cycle. She highlights the significance of the Software Bill of Materials (SBOM) and the challenges in maintaining the integrity of software products. The discussion also covers the concept of counterfeits in the software world, stressing the need for continuous monitoring and a holistic approach to cybersecurity.

Link to the Book: https://www.amazon.com/Software-Supply-Chain-Security-End/dp/1098133706?&_encoding=UTF8&tag=-0-0-20&linkCode=ur2

Transcripts: https://docs.google.com/document/d/1SJS2VzyMS-xLF0vlGIgrnn5cOP8feCV9

Chapters
00:00 Introduction
01:44 Discussion on Software Supply Chain Security
02:33 Insights into Secure Development Life Cycle
03:20 Understanding the Importance of Supplier Landscape
05:09 The Role of Security in Software Supply Chain
07:29 The Impact of Vulnerabilities in Software Supply Chain
09:06 The Importance of Secure Software Development Life Cycle
14:13 The Role of Frameworks and Standards in Software Supply Chain Security
17:39 Understanding the Importance of Business Continuity Plan
20:53 The Importance of Security in Agile Development
24:01 Understanding OWASP and Secure Coding
24:20 The Importance of API Security
24:50 The Concept of Shift Left in Software Development
25:20 The Role of Culture in Software Development
25:52 Exploring Different Source Code Types
26:19 The Rise of Low Code, No Code Platforms
28:53 The Potential Risks of Generative AI Source Code
34:24 Understanding Software Bill of Materials (SBOM)
41:07 The Challenge of Spotting Counterfeit Software
41:36 The Importance of Integrity Checks in Software Development
45:45 Closing Thoughts and the Importance of Cybersecurity Awareness