BROADCASTS.com

b'

1. You have quite a bit of experience and a lot of research into implementing secure software - but we'd like to dig into a little bit about where organizations should start - tools, multiple developers? What kind of baselines should be consider?
2. There's an increased focus on secure software supply chains, especially with the recent Executive Order (EO). The EO emphasizes the prevalence of an SBOM and it seems like SBOM's are set to become and industry norm in the not-so-distance future. What are your thoughts around SBOMs and how they can help mitigate or at least shed light on some of the security concerns around external third parties, insecure dependencies, and the organizations overall software consumption?
3. There are multiple vectors for insecure external code to be introduced into an application. How should organizations be protecting their applications in the context of third-party libraries?
4. With some of those major pain points in developing a secure software program, how can organizations integrate security and secure practices with Developers?
5. There are some leading industry resources such as the OWASP Software Assurance Maturity Model (SAMM) and Building Security in Maturity Model (BSIMM) for organizations to leverage to support their software security initiatives. Have you seen organizations have much success with these approaches and do you have any advice on this front in terms of how to adopt and use these resources?
6. Now that we've covered how to integrate security into Development teams, how can we integrate secure practices into Operations teams?
7. What are some resources that Developers, Operations, and Management can look to when they're trying to integrate secure practices into their pipelines?
8. What does cyber resilience mean to you in the context of DevSecOps practices?