Supply Chain Security with Cassie Crossley
In Episode 11 of Secrets of AppSec Champions, Chris Lindsey and Cassie Crossley delve into the intricate world of supply chain security. Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric, brings her extensive experience in software development and security to the fore, emphasizing the importance of following secure development practices. She advocates for the separation of build and development environments to avoid outdated methods and stresses the significance of modern frameworks like Google's SLSA (Supply-chain Levels for Software Artifacts) framework and the NIST Secure Software Development Framework (SSDF), despite its lack of certification measures. Crossley also discusses the unique challenges of maintaining provenance for older software, especially open-source projects, and highlights the crucial role of developer education in preventing vulnerabilities introduced by unverified code snippets.
Chris Lindsey raises pertinent concerns about access control complexities within production environments and underscores the need for rigorous security measures to ensure the integrity of devices and software. The conversation shifts to the potential threats posed by AI, with both speakers stressing the importance of embedding security into AI-generated code from the outset. They explore global supply chain security issues, referencing Cisco’s audits and the effectiveness of zero-trust policies. Crossley also addresses the impact of legislative measures like California's connected devices law on both consumer and industrial devices, and how cybersecurity practices have evolved since the 80s and 90s.
The episode wraps up on a personal note, with Crossley sharing her views on career growth and the importance of pursuing roles that bring personal fulfillment. She advocates for exploring opportunities within the same organization to foster both personal and professional development without losing accumulated knowledge and experience. This episode offers listeners a comprehensive overview of supply chain security, blending high-level frameworks with practical challenges, and provides valuable insights into both the technical and human aspects of the field.
Key topics with timestamps:
1. Understanding Supply Chain Security and Modern Software Practices with Cassie Crossley
2. Securing Software Development: From Google SLSA to NIST SSDF Standards
3. Protecting Supply Chains: Challenges and Solutions in a Digital World
4. Cassie Crossley on Cybersecurity Challenges in Modern Supply Chains
5. The Role of AI and Secure Development in Supply Chain Integrity
6. Ensuring Safe Software: Best Practices and Emerging Threats
7. Access Control, Zero Trust, and Supply Chain Security Insights
8. Cassie Crossley Discusses Securing Legacy Systems and Modern Software
9. From AI to Software Certification: Enhancing Cybersecurity Practices
10. Navigating the Complexities of Supply Chain Security and Software Updates
For more amazing application security information, please visit the following LinkedIn communities:
https://www.linkedin.com/company/appsec-hive
Provided by Mend.io (https://mend.io)
11 episodes