DevSec For Scale Podcast – Improving Software Supply Chain Trust w/ Barak Brudo, Scribe Security

In this episode of the “DevSec for Startups” podcast, Jeremy Hess speaks with Barak Brudo, a developer advocate at Scribe Security, about the importance of software supply chain security and the role of Software Bill of Materials (SBOM). Barak explains that SBOMs provide a detailed breakdown of software components, including libraries and tools used, allowing developers to track dependencies and identify vulnerabilities. This transparency helps in quickly pinpointing issues like the Log4j vulnerability, where companies with an SBOM could easily search for the affected version. Barak emphasizes that SBOMs are essential for maintaining the integrity of software products, ensuring that no unauthorized changes have been made.

Barak discusses his eclectic background, which includes programming, education, and art, before returning to development and eventually joining Scribe Security. He highlights the importance of SBOMs in providing transparency and integrity in the software supply chain. SBOMs help developers and organizations by documenting all components of their software, making it easier to identify and address security issues. Despite their benefits, Barak notes that SBOMs are still relatively rare, especially among startups. He advocates for their broader adoption, explaining that creating an SBOM can be as simple as integrating a tool into the CI/CD pipeline to generate the SBOM with each build.

The conversation also covers practical advice for startups looking to improve their software security. Barak recommends maintaining a curated list of approved libraries and tools to avoid inadvertently introducing vulnerabilities through unvetted dependencies. He also advises pinning dependencies to exact version numbers to prevent automatic updates that could introduce issues, as demonstrated by the recent incident with the “colors” library. Additionally, Barak underscores the value of incorporating SBOMs into the development process, even if only for internal use, to ensure comprehensive documentation and easier identification of potential security risks.
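Two of the points above can be turned into mechanical checks: an SBOM lets a team ask "do we ship the affected version of library X?" (the Log4j situation described earlier), and a curated list of approved, pinned libraries lets a build fail when an unvetted dependency or an unexpected version drifts in. The script below is an added example, not code from Scribe Security or the podcast. It parses a small CycloneDX-style JSON SBOM constructed inline, searches it for a component in a given version range, and compares every component against an allow-list. The component names, versions, the allow-list, and the affected-version range passed to `find_affected` are all illustrative assumptions; the real affected range for any vulnerability comes from its advisory.

```python
"""Query a CycloneDX-style SBOM for an affected component and check it
against a curated allow-list of approved, pinned libraries.

Added example; the SBOM, allow-list and version range below are
constructed for illustration and do not describe any real advisory.
"""
import json
import re
from typing import Iterable

# Constructed CycloneDX 1.4 JSON document using a minimal subset of the format.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1"},
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",  "version": "2.14.1"},
    {"type": "library", "name": "colors", "version": "1.4.1"},
    {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.13.0"}
  ]
}
"""

# Constructed allow-list: each approved library with the one version the
# team has vetted and pinned. jackson-databind is deliberately absent.
APPROVED = {
    "org.apache.logging.log4j:log4j-core": "2.14.1",
    "org.apache.logging.log4j:log4j-api": "2.14.1",
    "colors": "1.4.0",
}


def parse_version(v: str) -> tuple:
    """Turn '2.14.1' into a tuple that compares numerically.
    A pre-release such as '2.0-beta9' sorts below the plain '2.0'."""
    m = re.match(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:[-.]?(.*))?$", v)
    if not m:
        raise ValueError(f"unrecognised version: {v}")
    major, minor, patch, pre = m.groups()
    nums = (int(major), int(minor or 0), int(patch or 0))
    # Releases get rank 1, pre-releases rank 0, so 2.0-beta9 < 2.0.
    return nums + ((0, pre) if pre else (1, ""))


def load_sbom(text: str = SBOM_JSON) -> dict:
    return json.loads(text)


def components(sbom: dict) -> Iterable[dict]:
    yield from sbom.get("components", [])


def find_affected(sbom: dict, name: str, first_bad: str, first_fixed: str) -> list:
    """Return components called `name` whose version lies in
    [first_bad, first_fixed): the 'do we ship it?' question an SBOM answers."""
    lo, hi = parse_version(first_bad), parse_version(first_fixed)
    return [
        c for c in components(sbom)
        if c.get("name") == name and lo <= parse_version(c["version"]) < hi
    ]


def unapproved(sbom: dict, allowlist: dict) -> list:
    """Report components missing from the curated list, or present at a
    version other than the pinned one (silent auto-updates show up here)."""
    problems = []
    for c in components(sbom):
        key = f"{c['group']}:{c['name']}" if c.get("group") else c["name"]
        pinned = allowlist.get(key)
        if pinned is None:
            problems.append(f"{key}@{c['version']}: not on the approved list")
        elif pinned != c["version"]:
            problems.append(f"{key}@{c['version']}: approved version is {pinned}")
    return problems


if __name__ == "__main__":
    sbom = load_sbom()
    # Assumed range for illustration only, not a real advisory's range.
    for c in find_affected(sbom, "log4j-core", "2.0", "2.15.0"):
        print("affected:", c["name"], c["version"])
    for line in unapproved(sbom, APPROVED):
        print("policy:", line)
```

The two checks are independent on purpose: the allow-list says whether a dependency was vetted and pinned, while the range search says whether the pinned version has since become a problem, so a library can pass the first check and fail the second. Running both in the CI/CD job that generates the SBOM gives the per-build record Barak describes.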