EP 21 — Red Hat’s Emmy Eide on How To Build A Strong Software Supply Chain Security Program

In this episode, Harshil chats with Emmy Eide, Director of Product Security at Red Hat, a leading provider of open source software solutions that enable enterprises to seamlessly work across various platforms and environments.

Emmy shares how she came to lead the team handling software supply chain security at Red Hat, and gives us a look into what makes for a good software supply chain security program - by utilizing tools, risk management best practices, and implementing security controls to protect the supply chain from threats and vulnerabilities.

Topics discussed:

• Why software supply chain security is important
• The need to establish partnerships between security and engineering teams to effectively implement security controls within the supply chain
• How Red Hat cultivates an open feedback culture between teams to achieve systemic security
• How the SLSA framework helps developers secure the supply chain
• Determining the scope of the software supply chain and what to include in the SBOM (software bill of materials)
• Leveraging how the SSDF (Secure Software Development Framework) drives secure software development and mitigates risks  to the supply chain