Conor Bronsdon for LinearB

Posted on • Originally published at devinterrupted.com

What Hackers Know About Your Software Supply Chain (That You Don’t)

You’ve heard of the supply chain, but what about the software supply chain?

Unlike the standard supply chain that you often hear about in the news, this week’s episode of Dev Interrupted dives into the supply chain responsible for holding together the systems that companies, orgs and governments depend upon.

Kim Lewandowski, a software supply chain security expert, co-founded Chainguard in 2021 with a mission to make software supply chains secure by default.

In our conversation, Kim discusses why hackers are way ahead of the game on the software supply chain, what companies can do about it and why excitement around open source may not align with the security threats of the future.

She also details why 5 founders may be better than 2, why you might find her Easter eggs in nuclear codes and why Google is an amazing pit-stop in anyone’s career.

Episode Highlights Include:

  • (5:50) Easter eggs in nuclear codes
  • (7:00) The reason Google is a great career pit-stop
  • (11:18) What is the software supply chain?
  • (17:14) The risks with open source supply chains
  • (19:51) Why 5 founders may be better than 2
  • (27:40) How to improve your software supply chain security

You're Invited to INTERACT on April 7th

Join engineering leaders from Netflix, Slack, Stack Overflow, American Express & more at LinearB's virtual engineering leadership conference, INTERACT on April 7th, 2022.

1 day, 20 speakers, 1,000s of engineering leaders - all driven by the Dev Interrupted community. If you are a team lead, engineering manager, VP or CTO looking to improve your team, this is the conference for you!

Join INTERACT at https://devinterrupted.com/event/interact/

Discussion (1)

NOBILITYPNW

I confess, I have never heard of the software supply chain before. Something else I didn't know I needed to worry about lol