ASW Episode 343
Check out the show notes for links to articles we covered.
Supply Chain Security
Hello Protocols, Packets, and Programs,
Appsec likes to talk about supply chains and weak links,
About threads and strings,
And lines of code.
But as Spock noted in Star Trek 2: The Wrath of Khan,
“[That] pattern indicates two-dimensional thinking.”
After all, we need multiple factors to protect our credentials,
We need almost a dozen factors to calculate a single CVSS score,
And we need a million secure dependencies every time we install a single NPM package.