Auditing Software Artifacts | Video interview with Robert Seacord

July 6, 2021

Video interview with Robert Seacord, technical director in the assurance division at NCC Group and author of “Effective C” (No Starch Press) and “Secure Coding in C and C++”.
In a recently published blog post at NCC Group, DevOps guru Robert Seacord wrote about the CERT C Coding Standard:

“The software supply chain problem involves understanding what software you are using and the quality attributes (such as modifiability, performance, availability, and security) of this software you are using. Just understanding what software you are using is a significant challenge.”

It’s a significant blog post that peels back some of the ‘layers of the onion’ of open-source DevOps dependencies. The goal, he writes, is to trace all code artifacts back to human-readable and auditable dependencies, or SLSA (Supply-chain Levels for Software Artifacts). In this video interview, we cover:

  • The difference between the provenance of a software component, such as curl, and the quality of the component
  • Trust and accreditation across boundaries
  • Secure coding standards that apply to third-party components
