In this episode of the ScaletoZero podcast, cybersecurity expert Htet Aung discusses the complexities of software supply chain security, emphasizing the importance of practices such as the software bill of materials (SBOM) and container image signing. He also rates key security practices and recommends resources for further exploration.
Learnings from the podcast
- A Software Bill of Materials (SBOM) is key to supply chain security. It helps organizations understand their dependencies and the vulnerabilities associated with those dependencies.
- To analyze SBOMs, use a Software Composition Analysis (SCA) tool and integrate it into the CI/CD process.
- Best practices for image signing include using a key management solution with capabilities such as key rotation and secure handling of root and private keys, and using a trusted registry with continuous monitoring, to name a few.
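The SBOM-plus-SCA gate described above, as an added example that is not code from the podcast or any project it mentions: it parses a constructed CycloneDX-style SBOM, checks each component's purl against a constructed advisory list (placeholder IDs, not real CVEs), and exits non-zero so a CI stage fails when an affected version is present.

```python
"""Minimal SBOM-driven dependency check of the kind an SCA step runs in CI."""
import json

# Constructed CycloneDX-style SBOM; package names are made up for illustration.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-http", "version": "2.3.1",
     "purl": "pkg:pypi/example-http@2.3.1"},
    {"type": "library", "name": "example-yaml", "version": "5.1.0",
     "purl": "pkg:pypi/example-yaml@5.1.0"},
    {"type": "library", "name": "example-json", "version": "1.0.4",
     "purl": "pkg:pypi/example-json@1.0.4"}
  ]
}
"""

# Constructed advisory feed: purl (without version) -> [(first_vulnerable,
# first_fixed, advisory_id)]. IDs are placeholders, not real CVE numbers.
ADVISORIES = {
    "pkg:pypi/example-http": [("2.0.0", "2.4.0", "ADV-PLACEHOLDER-001")],
    "pkg:pypi/example-yaml": [("0.0.0", "5.1.0", "ADV-PLACEHOLDER-002")],
}

def parse_version(v):
    """Turn a dotted numeric version into a comparable tuple of ints."""
    return tuple(int(p) for p in v.split("."))

def sbom_components(sbom_text):
    """Yield (purl without version, version) pairs from a CycloneDX JSON SBOM."""
    for c in json.loads(sbom_text).get("components", []):
        base, _, version = c.get("purl", "").partition("@")
        if base and version:
            yield base, version

def find_vulnerable(sbom_text, advisories):
    """Return [(purl, version, advisory_id)] for components in an affected range.
    A component is affected when first_vulnerable <= version < first_fixed."""
    hits = []
    for base, version in sbom_components(sbom_text):
        v = parse_version(version)
        for lo, fixed, adv_id in advisories.get(base, []):
            if parse_version(lo) <= v < parse_version(fixed):
                hits.append((base, version, adv_id))
    return hits

if __name__ == "__main__":
    findings = find_vulnerable(SBOM_JSON, ADVISORIES)
    for purl, ver, adv in findings:
        print(f"FAIL {purl}@{ver}: {adv}")
    # A non-zero exit code is what makes the CI stage fail and block the build.
    raise SystemExit(1 if findings else 0)
```

In the constructed data only example-http is flagged; example-yaml sits exactly at its first fixed version and passes, which is the boundary an SCA check must get right.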
Learning resources recommended by Aung
- Microsoft Security Blogs: expert coverage on security matters such as zero trust, identity and access management, threat protection, information protection, and security management.
- Zero Trust Security Architecture: a guide explaining the core principles of Zero Trust, its benefits, implementation steps, and its role in both cybersecurity and cloud security.