S3E3: Resilient Cyber w/Dan Lorenc

Software Supply Chain, Sigstore and OSS

In this episode of Resilient Cyber, hosts Chris Hughes and Dr. Nikki Robinson sit down with Dan Lorenc to tackle the critical and ever-evolving landscape of software supply chain security.

Key Discussion Points:

  • Rising Focus on Software Supply Chain Security: Chris and Dan discuss the increasing attention on software supply chains, driven by recent incidents and by policy drivers such as the Cyber EO (Executive Order 14028) and the NIST guidance it mandated.

  • Threat Detection and Response: Nikki explores how software supply chain security integrates into broader threat detection and response strategies, looking at what incidents such as Log4j (Log4Shell) and SolarWinds showed about the need for an SBOM, and at what an SBOM does and does not deliver during response.

  • Threat Modeling Techniques: The conversation expands into threat modeling, considering how an attack surface that now includes build systems, package registries, and third-party dependencies demands new techniques to safeguard against supply chain threats.

  • Sigstore and DevSecOps: Dan shares insights from his work on Sigstore, the open-source project for signing and verifying software artifacts, and its significance for bringing signing and verification into everyday DevSecOps practice.

  • Managing Technical Debt: Nikki addresses the challenges of technical debt, including outdated software and dependencies, and discusses strategies for better software inventory management.

  • Future Outlook: Chris and Dan envision the future of software supply chain security, exploring where we're headed with initiatives like SBOM, VEX (Vulnerability Exploitability eXchange), Sigstore, and SLSA (Supply-chain Levels for Software Artifacts).