Linking Up The Pieces: Software Supply Chain Security at Google and Beyond

Cloud Security Podcast by Google - A podcast by Anton Chuvakin - Mondays

Categories:

Guests: Eric Brewer, VP of Infrastructure, and Google Fellow @ Google Aparna Sinha, Director of Product Management @ Google Cloud Topics: What is software supply chain security and how is it different from other kinds of supply chain security?  What types of organizations need to care about it? Is supply chain security a concern for large, elite enterprises only?  What’s the relationship between what we’re doing here, and what SBOM is? Can you talk us through a quick threat assessment of a supply chain security issue? What are the realistic threats here and who are the threat actors involved? How does Google try to solve these problems internally? Have we succeeded?  How does this translate into our products? By the way, what’s SLSA? Resources: “Container Security: Building trust in your software supply chain” (live event on July 29, 2021) “Tracking The Trail Of Software: The Key To Boosting Security”  “Introducing SLSA, an End-to-End Framework for Supply Chain Integrity” DORA study