Video interview with Robert Seacord, technical director in the assurance division at NCC Group and author of “Effective C” from No Starch Press and of “Secure Coding in C and C++”.
In a recently published post on the NCC Group blog, DevOps guru Robert Seacord wrote about the CERT C Coding Standard:
“The software supply chain problem involves understanding what software you are using and the quality attributes (such as modifiability, performance, availability, and security) of this software you are using. Just understanding what software you are using is a significant challenge.”
It’s a significant blog post that peels back some of the ‘layers of the onion’ of open-source DevOps dependencies. The goal, he writes, is to trace every code artifact back to human-readable, auditable dependencies, as described by SLSA (Supply-chain Levels for Software Artifacts). In this video interview, we cover:
- The difference between the provenance of a software component, such as curl, and the quality of that component
- Trust and accreditation across boundaries
- Secure coding standards that apply to third-party components