2019 State of the Software Supply Chain Report

2019 State of the Software Supply Chain Report

Author: The OWASP Podcast Series June 27, 2019 Duration: 33:28
The OWASP Podcast Series
Technology
The 2019 State of the Software Supply Chain Report was released on June 25th. The report is an analysis of the answers from over 5500 participants, allowing data researchers the ability to extrapolate what the most productive enterprises are doing when it comes to managing the software supply chain, and how that compares to less efficient development practices. The purpose of the analysis was to objectively examine and empirically document, release patterns and hygiene practices across 36,000 open source project teams and 3.7 million open source releases. In this conversation I speak with Derek Weeks, Project Lead for the report, and Stephen Magil, who along with Gene Kim, acted as research partners on the report. If you've been looking for verified research that can be used to help justify a DevOps initiative, or to validate the value of DevOps projects within your company, you'll want to stay with us.

Tune in to The OWASP Podcast Series for genuine conversations that go beyond the headlines of cybersecurity. Instead of dry lectures, you'll hear from the people actually building, testing, and defending the software that shapes our world. Each episode sits down with a different practitioner or innovator, pulling insights directly from their daily work and long-term vision. The discussions are grounded in the real challenges of application security, offering practical knowledge and forward-thinking strategies. This podcast provides a unique audio space to understand the evolving threats and defensive techniques critical for our digital infrastructure. You’ll find the dialogue is both technical and accessible, demystifying complex topics through the experiences of those on the front lines. The goal is to share actionable wisdom from the OWASP community and its extended network, focusing on how to create more resilient systems. By listening, you gain a deeper appreciation for the ongoing effort required to secure technology for everyone. It’s an essential resource for developers, security professionals, and anyone curious about the foundational work of safeguarding our connected future. The series turns abstract concepts into tangible lessons, all through the voices of the individuals dedicated to this crucial mission.
Author: Language: English Episodes: 100

Official website RSS
youtubelinkedingithub
The OWASP Podcast Series
Podcast Episodes
2023-04 Rethinking WAFs: OWASP Coraza [not-audio_url] [/not-audio_url]

Duration: 29:14
WAFs have been with us a while and it's about time someone reconsidered WAFs and their role in AppSec given the cloud-native and Kubernetes landscape. The OWASP Coraza is not only asking these questions but putting some…
2023-03 Point of Scary - the POS ecosystem [not-audio_url] [/not-audio_url]

Duration: 34:46
In this episode I speak with Aaron about Point of Sale or POS systems. He's been investigating the security of POS systems for quite some time now and brings to light the state of the POS ecosystem. Buckle your seat belt…
2023-02 Isolation is just PEACHy [not-audio_url] [/not-audio_url]

Duration: 33:54
In this episode I speak with Amitai Cohen who's been thinking a lot about tenant isolation. This is a problem for more then just cloud providers. Anyone with a SaaS offering or even large enterprise may want to isolate c…
OWASP Ep 2023-01: Audit, Compliance and automation, Oh my! [not-audio_url] [/not-audio_url]

Duration: 27:35
In this episode, I speak with Caleb Queern, one of the authors of "Investments Unlimited" a book I highly recommend you get and read. While the book is fiction, there's a great deal of truth in the story about how automa…
2022 Year in Review [not-audio_url] [/not-audio_url]

Duration: 14:19
In this episode, I go solo and review the last year of podcasts but with a twist. I do my best to compare the topics covered to the OWASP Flagship projects. The goal is to see if the episodes I recorded this year match u…
You've got some Kubernetes in my AppSec! [not-audio_url] [/not-audio_url]

Duration: 41:44
In this episode, I speak with Jimmy Mesta, the project leader of the new OWASP Kubernetes Top 10. Beyond covering the actual Kubernetes Top 10 project, we cover how AppSec has expanded to cover other areas. You not only…
Little Zap of Horrors [not-audio_url] [/not-audio_url]

Duration: 33:09
In this episode, I speak with Simon Bennetts, the creator of OWASP Zed Attack Proxy lovingly known as ZAP. We talk about how it all got started, some of the surprises and lessons learned running a wildly successful open…
Breaching the wirefall with community [not-audio_url] [/not-audio_url]

Duration: 39:35
In this episode, Matt Tesauro hosts wirefall to talk about creating and growing a security community and his 26 years of pen testing experience. In wirefall's case, it's the Dallas Hackers Association or DHA. Our convers…
Going Way Beyond 2FA [not-audio_url] [/not-audio_url]

Duration: 30:45
In this episode, Matt Tesauro hosts Neil Matatall to talk about going beyond 2FA as he relates lessons learned from Twitter and Github on account security. This is another episode with some good nuggets of wisdom and som…
Getting Lean and Mean in the DefectDojo [not-audio_url] [/not-audio_url]

Duration: 30:44
In this episode, Matt Tesauro hosts Greg Anderson and Cody Maffucci to talk about OWASP DefectDojo. DefectDojo is an OWASP flagship project that aims to be the single source of truth for AppSec or Product Security teams.…

«123456...10»