S3E3: Dan Lorenc

Software Supply Chain, Sigstore and OSS

In this episode of Resilient Cyber, Chris Hughes and Dr. Nikki Robinson chat with Dan Lorenc, founder and CEO of ChainGuard, about the evolving landscape of software supply chain security, the importance of open source software (OSS) security, and the role of projects like Sigstore in protecting the software ecosystem. 🛠️

🔑 Key Highlights:

  • Dan's background in Google Cloud security and founding ChainGuard to focus on software supply chain security

  • Why software supply chain security has gained attention in recent years, from the SolarWinds to the Log4j incidents

  • How attackers are increasingly targeting build systems and software supply chains

  • The role of Software Bill of Materials (SBOM) and Sigstore in providing transparency and trust

  • How open source security is critical and why OSS developers need easy and free tools like Sigstore

  • Insights into securing supply chains by automating code signing and verification processes

  • The importance of frameworks like SSDF and SLSA in strengthening security for modern software environments

Dan also shares practical advice on how organizations can improve their software security by implementing best practices and leveraging open source tools like Sigstore to enhance visibility and integrity in the software supply chain.