Upstream: The Software Supply Chain Security Podcast presented by Anchore

In this episode, John Yeoh, Global Vice President of Research at Cloud Security Alliance,  joins hosts Kim Weins and Josh Bressers to discuss the state of security in the cloud and how to solve supply chain pain points like misconfigurations, zero trust, and transparency. They explore the need to align best practices and how the Global Security Database initiative is working to unify vulnerability data disclosure across the industry.

In this episode, Matt Huston, CISO of the Platform One program in the United State Air Force, joins Kim Weins and Josh Bressers to discuss how the USAF is innovating with modern DevSecOps practices while meeting exacting government standards. They dive into how software factories within the U.S. Department of Defense are leveraging the same practices followed by industry leaders to dramatically speed up the delivery of secure software.

In this episode, Kim Weins and Josh Bressers engage Stephen O'Grady, co-founder and principal analyst at RedMonk, on how improving the developer experience can pay dividends for security up and down the software supply chain. 

In this episode, Neil Levine of Anchore joins Kim Weins and Josh Bressers to discuss the power of SBOMs. They explore practical first steps for using SBOMs and how they can improve software supply chain security starting today.

Steve Lasker of Microsoft joins the show and talks with host Kim Weins and Josh Bressers about how the software ecosystem will generate and use SBOMs.  He reveals the challenge of giant SBOMs and how Microsoft is providing transparency to customers about the components in their software. 

In this episode, Bren Briggs of Hypergiant joins host Kim Weins and Josh Bressers to discuss software supply chain issues that keep them up at night. They touch on SBOMs as an inventory tool, DevSecOps by definition and the practice of software supply chain management.

On this inaugural episode of the show, veteran security leader and world-famous podcaster: Josh Bressers joins host Kim Weins to discuss the log4j security vulnerability and the way forward in preparation for the next zero-day attack.