Modern software is built on layers and layers of code. So how do we know we can trust it?
In this episode of Alexa’s Input (AI), Alexa Griffith sits down with Justin Cappos, professor of computer science at NYU and a leading expert in software supply chain security, to unpack what trust really means in today’s digital infrastructure.
From package managers and dependency chains to large-scale outages and AI systems built on inherited code, Justin explains why many security failures aren’t random accidents: they’re predictable consequences of weak process, misaligned incentives, and insecure design.
They discuss:
Why security only becomes visible when something breaks
The difference between unavoidable failure and negligence
How modern software supply chains amplify small mistakes
The role of leadership and culture in preventing breaches
Why verification systems like TUF and in-toto matter more than ever
As AI accelerates development and increases system complexity, the need for verifiable trust only grows. This episode is a practical look at the invisible infrastructure that keeps modern software, and increasingly modern AI, from collapsing under its own complexity.
Podcast Links
Watch: https://www.youtube.com/@alexa_griffith
Read: https://alexasinput.substack.com/
Listen: https://creators.spotify.com/pod/profile/alexagriffith/
More: https://linktr.ee/alexagriffith
Website: https://alexagriffith.com/
LinkedIn: https://www.linkedin.com/in/alexa-griffith/
Find out more about the guest at:
Website: https://engineering.nyu.edu/faculty/justin-cappos
NYU page: https://ssl.engineering.nyu.edu/personalpages/jcappos/
Wikipedia: https://en.wikipedia.org/wiki/Justin_Cappos
Chapters
00:00 Introduction to Justin Cappos and His Work
01:17 The Importance of Security in Software Systems
03:50 Understanding Security Breaches: Mistakes vs. System Design Problems
06:34 Cultural Factors in Security Failures
09:25 Justin's Journey in Software Security
12:03 The Role of Academia in Enterprise Security
14:10 Evaluating Enterprise Security Systems
16:58 Foundational Projects in Software Security
19:21 AI Security Concerns and Future Directions
24:59 The Need for MCP 2.0
28:57 Security Challenges with LLMs
32:33 Designing Secure AI Systems
37:14 Ethical Dilemmas in AI Decision-Making
40:17 The Role of AI in Open Source
43:44 Trust and Mindset in AI Security