In this episode, Matt defines what secrets are, such as API keys, database passwords, encryption keys, and more. He explains that attackers target them in order to gain access to an application, causing a security breach like the recent one at CircleCI.
In this episode, Matt breaks down the recent CircleCI hack by visualizing the integrated development environment (IDE) process. In doing so, he points out that not only the source code but also the development process itself needs to be secured in order to prevent incidents like the CircleCI secrets hack.
In this ReversingGlass, Matt Rose gives an overview of U.S. Executive Order 14028 and Memorandum M-22-18, which now mandate that any software provider doing business with the Federal Government self-attest to having secure software. Matt explains that starting with a comprehensive Software Bill of Materials (SBOM) is the best way to do this.
A Software Bill of Materials (SBOM) is a great first step in an organization's software supply chain security journey. But, as Matt explains in this episode of ReversingGlass, organizations need to go beyond the SBOM alone to have a robust secure software program.