Tech Transforms
Carolyn Ford
111 episodes
2 days ago
Global technology is changing the way we live. Critical government decisions affect the intersection of technology advancement and human needs. This podcast talks to some of the most prominent influencers shaping the landscape to understand how they are leveraging technology to solve complex challenges while also meeting the needs of today's modern world.
Technology
Government
Episode 105: From Compliance to Capability: Securing the Federal Software Supply Chain in the Age of AI
Tech Transforms
40 minutes 57 seconds
2 months ago
On this episode of Tech Transforms, host Carolyn Ford welcomes Antoine Harden, Regional VP of Federal at Sonatype, to unpack one of the most urgent challenges in federal cybersecurity: securing the software supply chain. With more than 25 years of experience at Oracle, Google, and now Sonatype, Antoine shares why software supply chain risks from SolarWinds to Log4j have pushed SBOMs (Software Bills of Materials) and continuous monitoring into the spotlight.

Together, they break down what SBOMs are (think nutrition labels for software: an inventory of every component and version that went into a build), how mandates like Executive Order 14028 and frameworks like NIST's Secure Software Development Framework (SSDF) and DoD's SWFT are changing the compliance landscape, and why automation is essential to move from point-in-time ATOs (Authorizations to Operate) to continuous authorization.

Antoine also explains how Sonatype uses AI and software composition analysis tools to close critical gaps in open source and AI-heavy environments, helping agencies shift left, reduce vulnerabilities, and accelerate secure delivery of mission-critical systems. Along the way, the conversation covers everything from JFK delays caused by vulnerabilities, to the risks of “ludicrous speed” AI adoption, to the surprising history of Project Pigeon in WWII.

For federal leaders ready to take action, Antoine offers one concrete step: start with a single mission-critical application, mandate an SBOM, and see what hidden risks you uncover.
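To make the "mandate an SBOM and see what you uncover" step concrete, here is an added example (not code from the episode, Sonatype, or the Tech Transforms site) that does the smallest useful thing with an SBOM: parse a CycloneDX JSON document, match each component's package URL and version against an advisory list, and report both the matches and the components that cannot be matched at all. The sample SBOM and the advisory feed are constructed inline for the example; the only real advisory is CVE-2021-44228 for log4j-core, which is given as the simplified range "introduced 2.0-beta9, fixed 2.15.0" and omits the later backport branches. The component names, the `mission-app` metadata and the version-ordering helper are assumptions made for illustration.

```python
"""Scan a CycloneDX-style SBOM for components in known-vulnerable version ranges.

Added example: the SBOM and the advisory list below are constructed for
illustration and are not taken from any real system or vendor feed.
"""
import json
import re
from dataclasses import dataclass

# Constructed sample SBOM in CycloneDX 1.4 JSON shape (trimmed to the fields used here).
# It deliberately contains a vulnerable log4j-core, a fixed log4j-core, an unrelated
# library, and one component with no version or purl (a common SBOM-quality gap).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"name": "mission-app", "version": "3.2.0"}},
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
         "version": "2.13.4", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4"},
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.17.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
        {"type": "library", "name": "internal-crypto-shim"},  # no version, no purl
    ],
})

# Constructed advisory feed. The log4j-core entry mirrors the public CVE-2021-44228
# range in simplified form (the 2.3.x / 2.12.x backport fixes are omitted).
ADVISORIES = [
    {"purl_base": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "introduced": "2.0-beta9", "fixed": "2.15.0", "id": "CVE-2021-44228"},
]

# Minimal version ordering: dotted numerics, optional alpha/beta/rc pre-release suffix.
# A pre-release sorts before the final release of the same number (2.0-beta9 < 2.0).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:[-.]?(alpha|beta|rc)(\d*))?$", re.IGNORECASE)
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}


def parse_version(text):
    """Return a tuple that compares in the expected order; raise on unknown formats."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))  # pad so that 2.15 == 2.15.0
    if m.group(2):
        pre = (0, _PRE_RANK[m.group(2).lower()], int(m.group(3) or 0))
    else:
        pre = (1, 0, 0)  # final release ranks above any pre-release of the same number
    return nums + pre


@dataclass(frozen=True)
class Finding:
    component: str
    version: str
    advisory: str
    fixed_in: str


def purl_base(component):
    """Strip the @version and ?qualifiers from a purl so it can be matched exactly."""
    purl = component.get("purl")
    if not purl:
        return None
    return purl.split("@", 1)[0].split("?", 1)[0]


def scan_sbom(sbom_json, advisories):
    """Return (findings, unidentifiable) for the components in a CycloneDX JSON SBOM."""
    sbom = json.loads(sbom_json)
    findings, unidentifiable = [], []
    for comp in sbom.get("components", []):
        name = comp.get("name", "<unnamed>")
        version = comp.get("version")
        base = purl_base(comp)
        if not (base and version):
            # Without a purl and a version the component cannot be matched against
            # any feed; that is itself a finding worth reporting back to the supplier.
            unidentifiable.append(name)
            continue
        parsed = parse_version(version)
        for adv in advisories:
            if adv["purl_base"] != base:
                continue
            if parse_version(adv["introduced"]) <= parsed < parse_version(adv["fixed"]):
                findings.append(Finding(name, version, adv["id"], adv["fixed"]))
    return findings, unidentifiable


if __name__ == "__main__":
    found, unknown = scan_sbom(SAMPLE_SBOM, ADVISORIES)
    for f in found:
        print(f"VULNERABLE {f.component}@{f.version}: {f.advisory} (fixed in {f.fixed_in})")
    for name in unknown:
        print(f"UNIDENTIFIABLE {name}: no purl/version in SBOM, cannot be matched")
```

Two design points matter in practice. Matching is done on the purl base rather than the bare name, because the same name (log4j-core) can exist under different groups and ecosystems, and the version comparison treats pre-releases explicitly so that the advisory's `introduced` bound of 2.0-beta9 is ordered correctly. Components that arrive without a version or purl are reported separately instead of being silently skipped; on a real SBOM that list is often the first "hidden risk" the mandate surfaces.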

Show Notes:
Connect with Antoine https://www.linkedin.com/in/antoine-harden-mba-035a441/
Executive Order 14028
NIST Secure Software Development Framework (SSDF)
CISA Zero Trust Maturity Model
DoD’s SWFT (Software Fast Track Initiative)
Sonatype Resource Center
