Key topics on Access Control Podcast: Episode 14 - Securing CI/CD and Supply Chain

- What is CI/CD? CI/CD stands for continuous integration, continuous deployment.- With regard to software supply chain problems, as with other similar problems, there's always the question of how long have we known about something versus how long has it been happening. - Continuous deployment is important for remediation because the length of time to push a deployment impacts the duration of exposure to a given security problem.- The SolarWinds incident was caused by a compromised build server and involved sophisticated loading of a backdoor into the deployed Orion system. - Prior to recent security incidents, traditional CI/CD's focussed around image and artifact scanning. Securing Tokens and Build Infrastructure have been a key part of the solution to keep CI/CD secure. - As companies string together a large number of tools, it's important for them to ask: What is the security model we have here? We'll discuss this in detail with this eposide.