Auditing Software Artifacts | Video interview with Robert Seacord

Video interview with Robert Seacord, technical director in the assurance division at NCC Group and author of “Effective C” from No Starch Press and of “Secure Coding in C and C++”.

In a recently published blog post at NCC Group, devops guru Robert Seacord wrote about the CERT C Coding Standard:

“The software supply chain problem involves understanding what software you are using and the quality attributes (such as modifiability, performance, availability, and security) of this software you are using. Just understanding what software you are using is a significant challenge.”

It’s a significant blog post that peels back some of the ‘layers of the onion’ of open-source DevOps dependencies. The goal, he writes, is to trace all code artifacts back to human-readable and auditable dependencies, as in SLSA (Supply-chain Levels for Software Artifacts). In this video interview, we cover:

  • The difference between the provenance of a software component, such as curl, and the quality of the component
  • Trust and accreditation across boundaries
  • Secure coding standards that apply to third-party components
