Operations | Monitoring | ITSM | DevOps | Cloud

Securing software supply chain without panicking ft. Chainguard co-founder Kim Lewandowski

Aug 5, 2022 By CircleCI In CircleCI
Chainguard co-founder, Kim Lewandowski joins Rob to discuss the ways she presses forward in the fear-driven world of software supply chain security. In any kind of mistake or failure, security breaches have to be something that we can learn from. On the other hand, particularly during investigation, there are often walls of trust and other factors affecting fully transparent communication. Does this impact our ability to learn? Is there something we have to do differently to get better at it?
View Video
circleci

Code signing: securing against supply chain vulnerabilities

Aug 4, 2022 By Jacob Schmitt In CircleCI

When creating an application, developers often rely on many different tools, programs, and people. This collection of agents and actors involved in the software development lifecycle (SDLC) is called the software supply chain. The software supply chain refers to anything that touches or influences applications during development, production, and deployment — including developers, dependencies, network interfaces, and DevOps practices.

Read Post
servicenow

Taming the supply chain: Addressing vendor risks to the nth tier

Jul 11, 2022 By Mark Gardner In ServiceNow

Vendor risk ranks alongside cybersecurity, compliance, reputational, and financial risks as one of the top risks to any organization. With any risk, you need to identify, monitor, and mitigate that risk, especially when it comes to your supply chain. The question for someone in my role as a senior manager of compliance management is: What level of risk is being posed and why? Stated another way: Do I really know what my supply chain is doing?

Read Post
circleci

Software supply chain: What it is and how to keep it secure

Jun 30, 2022 By Jacob Schmitt In CircleCI

As shortages of consumer goods and rising prices caused by bottlenecks in international supply networks have become more common, the global supply chain and its vulnerabilities have been top of mind for many. For developers, several high-profile software security exploits have recently underscored the risks inherent in a similar type of supplier network: the software supply chain.

Read Post

Securing the Software Development Build

Jun 23, 2022 By SolarWinds In SolarWinds
Tim Brown, SolarWind CISO and VP, Security, explains how SolarWinds is ensuring the integrity of the build process and how we share learnings with our partners, community, and customers; as well as how we're leveraging and contributing to open-source initiatives and lead by example in securing the supply chain.
View Video

Anatomy of a Supply Chain Attack Detection and Response

Jun 9, 2022 By Flowmon In Flowmon
In today's world of global supply chains, a breach never stops at a supplier level but cascades all the way up the chain. So being able to detect and stop a supply chain attack at an early stage before an attacker exfiltrates confidential company data or damages company operations and reputation is critical to your organization's survival. Luckily, hackers always leave a trace, so proper detection can help you stop breaches at an early stage before hackers achieve their goals.
View Video
Featured Post
circleci

The Evolution of Software Trends in 2022

May 23, 2022 By Rob Zuber, CTO In CircleCI
Software delivery has never been more critical to the success of business in every industry. It's also never been more complex. With the growing challenges of complexity, how can engineering teams succeed? After analyzing millions of workflows from more than 50,000 organizations across the world, here are a few truths of software delivery today.
Read Post
rancher

Secure Supply Chain: Verifying Image Signatures in Kubewarden

May 20, 2022 By Raul Cabello In Rancher

After these last releases Kubewarden now has support for verifying the integrity and authenticity of artifacts within Kubewarden using the Sigstore project. In this post, we shall focus on verifying container image signatures using the new verify-image-signatures policy. To learn more about how Sigstore works, take a look at our previous post

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.