In this episode of the Future of Application Security, Harshil speaks with Dave Ferguson, Director of Technical Product Management, Software Supply Chain Security at ReversingLabs, which offers software supply chain security analysis platform. They discuss the rising need for software supply chain security as a result of the complexities around how software is built today. They also talk about ways to identify novel attacks through analyzing software behaviors, how efforts like SBOMs and registries help increase transparency, and why software supply chain security needs to evolve from just looking for vulnerabilities.

Topics discussed:

• How Dave's diverse background in security, as well as his piqued interest around the SolarWinds and 3CX attacks, led to his focus on software supply chain security today.
• How a product manager leads by working with development teams, meeting with customers, incorporating new features and integrations, and helping bring new solutions to market.
• How the complexities associated with building software today — like open source and automation — have increased the possibility of adversaries slipping in. 
• Why analyzing software behavior across previous builds and seeing what's changed can help flag novel attacks.
• Today's trends that are increasing transparency in software creation, including the rising demand for SBOMs and the possibility of trust registries for commercial software.
• Why software supply chain security approaches need to move beyond just looking at vulnerabilities to find ways to root out all malicious activity.

RELATED RESOURCE: 

Today, most application security tools are designed to find vulnerabilities, not fix them. What is noise and what is risk? And, more importantly, how do you accelerate the remediation of the most critical vulnerabilities? The answer lies within one key metric — Mean Time to Remediate (MTTR). 

Taking a better strategy to decrease your MTTR and keep your organization safe can begin today — download the paper to learn how.