Ken and Mike discuss the importance of postmortems in incident response and security incidents. They explore the definition of postmortems, the value of reflection, the challenges of blame, and the significance of actionable outcomes. They also touch on the transparency of postmortems and the need for root cause analysis. The conversation concludes with a brief announcement about an upcoming conference series.

Ken and Mike discuss supply chain security, including software composition analysis (SCA) and software bill of materials (SBOM). They highlight the importance of understanding the components that make up your software and the risks associated with using third-party libraries. They also discuss recent supply chain failures, such as the XZ library hack and the SolarWinds attack. The hosts emphasize the need for organizations to stay up to date with software patches and to consider the security of commercial off-the-shelf software. They caution against placing too much focus on any one security tool or approach, including SBOM, and instead advocate for a well-rounded approach to security.

In this episode Mike and Ken dive into the wild world of SaaS products in DevSecOps. From vendors to security tooling hygiene they cover an often overlooked ecosystem of cloud and software services that may be rotting in the sky of your workloads. Join up for a listen on SaaS Security!