The Good and Bad of NIST's Secure Software Development Framework

Listen to Matt Howard, EVP at Sonatype, and industry experts Steve Springett, Chair, CycloneDX, and Mike Wilkes, CISO, SecurityScorecard, as they discuss:
- The new framework
- Why SSDF calls for a holistic approach
- Why a reductionist focus on software developers alone is weaker than recognizing the context in which software vulnerabilities occur