Solving the Software Supply Chain — The Somerford Podcast

Securing the Software Supply Chain, One Image at a Time.

Episode Summary

In this episode, John Dee (Somerford) is joined by Rob Finn (Chainguard) to discuss the critical challenges of securing the software supply chain in modern software development. They explore how open-source vulnerabilities can slow developer velocity, create friction between security and engineering teams, and increase operational and compliance risks. Rob explains Chainguard’s approach of providing “secure by default” images that are rebuilt, tested, and signed at the source, reducing noise from traditional security tools and allowing developers to focus on delivering features safely. The conversation also covers cultural change, adoption challenges, and how organisations can measure tangible ROI through reduced CVEs, improved compliance, and faster deployment.

Looking ahead, the panel reflects on the evolving role of AI and machine learning in supply chain security, the need for continuous monitoring, and the importance of provenance standards like the SLSA framework. Rob emphasises how Chainguard’s approach helps organisations break the “doom cycle” of reactive vulnerability management, streamline workflows, and maintain resilience in an increasingly complex digital environment. Practical advice for security leaders includes starting with base images, measuring impact incrementally, and expanding secure practices gradually to demonstrate clear business value.

Featuring

John Dee, Head of Strategy at Somerford Associates

Rob Finn, VP, International Sales at Chainguard

Additional Resources

Chainguard Partnership

Find out more on our Chainguard partner page about securing software at the source and transforming how your organisation manages risk.

Chainguard Presents: Migration Best Practices Guide

Discover how Chainguard Images reduce vulnerabilities, streamline container security, and help teams build safer, more efficient containerised applications.

About Us

At Somerford Associates, we are a passionate group of people delivering innovation to our customers on their digital transformation journey.

Get in Touch to Learn More

Somerford has a skilled team based in the Middle East to help with migrations to cloud, hybrid or on-premise environments, including SecDevOps, DevOps, cloud or multi-cloud strategies. We can also assist with an array of other digital transformation projects. Contact a member of our team today to get started.