S3E21: Resilient Cyber Show w/ Josh Bressers

The Security of Open Source Software

In this episode of Resilient Cyber, Chris Hughes and Dr. Nikki Robinson are joined by Josh Bressers, Vice President of Security at Anchore, for an insightful discussion on the security of open source software and supply chain security. With over 20 years of experience in open source, Josh shares his thoughts on the evolving landscape of open source software, the increasing importance of supply chain security, and how organizations can better manage the risks involved.

🔑 Key Highlights:

  • Open Source Security: Josh discusses the evolution of open source software security, the lessons learned from incidents like Log4Shell, and why understanding the software supply chain is more important than ever.

  • The Rise of SBOMs: Software Bills of Materials (SBOMs) are a central focus of the Biden administration’s executive order; Josh explains how they can help organizations track and manage vulnerabilities in their supply chains.

  • Vulnerabilities in Open Source: Learn how projects like the Global Security Database (GSD) and efforts like VEX (Vulnerability Exploitability eXchange) are reshaping how we view and manage vulnerabilities.

  • Challenges of Open Source: Josh sheds light on the "unfairness" of open source for developers and users, touching on issues like licensing and support.

  • Cyber Resilience: Josh shares his views on what cyber resilience means today and how the industry is shifting from a black-and-white approach to one focused on continuous risk management.