At this year’s Black Hat Conference in Las Vegas, software supply chain security is top of mind for the InfoSec community. One of the biggest obstacles to improving the security of organizations and critical infrastructure is the poor state of software security. Alas: training developers to produce secure code is expensive, and time intensive. Or is it? At this year’s conference, Adam Shostack, President of Shostack & Associates, described a new approach to scale secure development training and educate a developer workforce, keeping time and financial restraints in mind. We chatted with him one-on-one to learn his insights.