Securing the Software Supply Chain with Chip Childers, VP Security at VMware and Jim Mercer, VP DevSecOps at IDC

Incidents like the Log4j incident and new governmental regulations have forced tech leaders to examine the security of their software supply chain. Understanding the complexities of this is challenging; how can CIOs determine their exposure and prioritize their vulnerabilities? In this conversation, Yadin sits down with Chip Childers, VP Security, Compliance, Open-Source & Privacy Engineering & Chief Open Source Officer at VMware and Jim Mercer, Research Vice President - DevOps & DevSecOps at IDC, to discuss the software supply chain and how CIOs should think about it, in depth. They look at how we became so reliant on the open-source community and the impact of generative AI.Key Quotes:“When you talk about the idea of having to have development resources to do patching, it's those transitive dependencies, honestly, that you may not be able to patch because you're relying on other people's work. That's why understanding this complexity really matters.” - Chip “I don't think a lot of organizations realize how dependent they are on this open source community as we've started to kind of grow out, develop applications and rely so heavily on open source.”- Jim---------Timestamps:(01:15) Why are we concerned about the software supply chain?(05:25) Building complex systems on top of other complex systems(08:15) Realizations from the Log4j incident (11:22) Resulting shifts from new compliance and regulations(16:21) Creative chaos in the software industry (18:48) Reliance on the open-source community (19:23) How can you identify where code is coming from?(20:17) Prioritizing vulnerabilities (23:08) The snowball effect in the supply chain(25:00) How do you understand your exposure?(33:15) The impact of generative AI (37:27) Where should CIOs start heading into board level conversations? --------Links:Chip Childers on LinkedInJim Mercer on LinkedInCIO Exchange on TwitterYadin Porter de León on Twitter[Subscribe to the Podcast] On Apple PodcastFor more podcasts, video and in-depth research go to https://www.vmware.com/cio