In this episode of the Future of Application Security, Harshil speaks with Helen Oakley, Lead Architect for Software Supply Chain Security at SAP, which develops enterprise software for business operations. They discuss the need for software supply chain security, especially considering how much of software is open source today, and what the current state of adoption is across industries. They also discuss how you can optimize SBOMs and the misconceptions around them, where organizations can start implementing software supply chain security, and why it's needed to protect both infrastructure and human life.

Topics discussed:

• What software supply chain security is, and the different considerations — like open source components — that make it a priority for organizations today.
• The current state of adoption for software supply chain security, the challenges to adoption, and which industries are on the forefront while others lag behind.
• How software supply chain security and SBOMs will evolve, especially considering the need for safety around digitally-connected devices that can impact human well-being.
• Some of the misconceptions around what SBOMs offer, and what more has to be done in addition to SBOM implementation to make supply chains more secure.
• Advice for organizations looking to get started on or ramp up their software supply chain security approach, which includes improving SBOM quality and automation.
• How to be prepared to receive and consume SBOMs from vendors, and what tools to use to analyze that data.
• What types of benefits and risks AI will pose for software supply chain security in the future, especially around transparency.