S3E14: Resilient Cyber Show w/ Jon Meadows: The Secure Software Factory and Software Supply Chain
In this episode of Resilient Cyber, Chris Hughes and Dr. Nikki Robinson are joined by Jon Meadows, Head of Cloud Security and Supply Chain Engineering at Citibank, to explore the intricacies of software supply chain security and building a secure software factory.
🔑 Key Highlights:
- Software Supply Chain Security: The importance of an end-to-end perspective on securing the software supply chain
- SBOM and VEX: The role of the Software Bill of Materials (SBOM) and the Vulnerability Exploitability eXchange (VEX) in vulnerability management and risk assessment
- Supply Chain Risk Management: Strategies for enterprises to manage ingestion of third-party software, secure their software factories, and automate security checks
- CNCF Secure Software Factory: Insights into the Secure Software Factory Reference Architecture and its implementation within cloud-native ecosystems
- Cloud-Native Security: Best practices for integrating security into cloud-native environments, including containers and infrastructure-as-code (IaC)
- Human Element: How organizations can manage the complexity of supply chain security with automation and cross-team collaboration
- Cyber Resiliency: Jon's thoughts on building resilient systems that can react to vulnerabilities in the software supply chain