S3E22: Resilient Cyber Show w/ Steve Springett
Navigating the Modern Digital Supply Chain
In this episode of Resilient Cyber, hosts Chris Hughes and Dr. Nikki Robinson are joined by Steve Springett, a software supply chain expert, to discuss the challenges and innovations in modern digital supply chain security. Steve shares his vast experience from working in physical supply chains for the pharmaceutical industry to leading software supply chain projects like CycloneDX and Dependency-Track.
🔑 Key Highlights:
Digital Supply Chain vs. Physical Supply Chain: Steve discusses the similarities and differences between software and physical supply chains, shedding light on how organizations can improve transparency and security across both.
Challenges of Vulnerability Management: Learn about the evolving role of the National Vulnerability Database (NVD) and how modern tools like package URLs are addressing the limitations of legacy systems.
Importance of SBOMs and VEX: Discover how Software Bills of Materials (SBOMs) and Vulnerability Exploitability Exchange (VEX) can help organizations manage risks and improve security.
SaaS BOM: Steve introduces the concept of a SaaS BOM (Software-as-a-Service Bill of Materials), explaining its role in protecting data and services in cloud-native environments.
Future of Software Security: Steve shares insights on the growing need for real-time security data, the potential for automation, and how organizations can stay resilient in an ever-evolving threat landscape.