AI, the Software Supply Chain, and Other (Not So) Puzzling Pieces
RSA Conference 2024 · Track Session
In this insightful talk from RSAC 2024, Jacob, Deputy Chief Security Officer at GitHub, draws a compelling parallel between personal health and the often-overwhelming landscape of software supply chain security. Just as individuals can get lost in the minutiae of optimizing every health metric, organizations frequently become fixated on the latest security tools and features, neglecting fundamental security hygiene. Jacob argues that while advanced optimizations have their place, a robust security posture is built upon foundational principles, which he distills into three core pillars: software security and secrets, platform and developer security, and build systems and dependencies.