Josh Viney, Head of Product at Slim.AI, believes that software supply chain attacks will continue to increase through 2022. However, there’s a silver lining. “A ton of talent in the open-source and commercial space are actively tackling these challenges with efforts including software signing, better vulnerability detection and introduction of tools like ours that focus on better visibility and security-minded container image optimization,” quips Viney. These efforts will ultimately pave the way for best practices and tooling. Check out his prediction in detail in the video above.
Swapnil Bhartiya: Hi, this is your host Swapnil Bhartiya, and welcome to the 2022 predictions series. And today we have with us, Josh Viney, Head of Product at Slim.AI. Josh, it’s great to have you on the show.
Josh Viney: Hey, thank you.
Swapnil Bhartiya: Before we get started with your predictions, quickly a reminder to the viewers, what is Slim.AI about?
Josh Viney: Sure thing. So Slim.AI, our mission is to help developers create and deploy their cloud-native applications more efficiently and securely. We want to decrease friction between development, DevOps, and security by giving developers better tools and automation. Simply, we believe that shifting left doesn’t mean the developers have to do more work.
Swapnil Bhartiya: Thanks for sharing about the company. Now it’s time for you to pick up your crystal ball and share with us what predictions you have for 2022.
Josh Viney: Software supply chain attacks have been increasing and will continue to increase through 2022, but it’s not all doom and gloom. We believe there’s a silver lining. So first the bad news: significant attacks will keep happening. The risk that software products introduce is hard to quantify, and recognizing and reducing that risk is challenging and expensive, resulting in increased pressure on open source and commercial maintainers, many of whom already struggle with the challenges of maintaining and contributing to their projects. Add to that the overall talent shortage and it’s not a matter of when it’s going to happen, or a matter of when it’s going to happen, it’s a matter of when it’s going to happen.
Major software companies are going to require software supply chain provenance for all of their vendors. CISOs are going to push the burden of proof in software up to supply chain or refuse to work with companies that can’t document the safety of their software. We’ll see that in contracts and licenses and third-party commercial applications, but it’ll be really, really interesting to see how this plays out with the open-source community. The good side, this is the silver lining here. A ton of talent in the open-source and commercial space are actively tackling these challenges from software signing, better vulnerability detection to tools like ours that focus on better visibility and security-minded container image optimization. From this effort, better best practices and tooling will emerge and become widely adopted.
Swapnil Bhartiya: Thanks for sharing these predictions with us. Now, if I ask you what is going to be the focus for the company in 2022?
Josh Viney: Slim’s focus for 2022 is on expanding our products to address the challenges I mentioned above and creating a great developer experience. In the near term, we’re expanding our current ability capabilities, which we released to early access last summer, and then expanding our capabilities by releasing our image optimization tooling. From there, continued investment in our open-source projects like DockerSlim and engaging with as many developers as we can to inform our product direction and help reduce the risk inherent to the software supply chain.
Swapnil Bhartiya: Josh, thank you so much for sharing these predictions and also sharing the focus of the company for the year 2022. Of course, we are just in the beginning of the year, January, so we’ll be seeing a lot of the future, and also we’ll see how many of your predictions turn out to be true. So thank you for your time today.
Josh Viney: Thank you.