Podcast
From Compliance to Capability: Securing the Federal Software Supply Chain in the Age of AI

Meet the Speakers

Antoine Harden, MBA

Regional VP of Federal

Carolyn Ford

Vice President Marketing

On this episode of Tech Transforms, host Carolyn Ford welcomes Antoine Harden, Regional VP of Federal at Sonatype, to unpack one of the most urgent challenges in federal cybersecurity: securing the software supply chain. With more than 25 years of experience at Oracle, Google, and now Sonatype, Antoine shares why software supply chain incidents, from SolarWinds to Log4j, have pushed SBOMs (Software Bills of Materials) and continuous monitoring into the spotlight.

Together, they break down what SBOMs are (think nutrition labels for software), how mandates like Executive Order 14028 and frameworks like NIST’s Secure Software Development Framework (SSDF) and DoD’s SWFT are changing the compliance landscape, and why automation is essential to get from static ATOs to continuous authorization.

Antoine also explains how Sonatype uses AI and software composition analysis tools to close critical gaps in open source and AI-heavy environments, helping agencies shift left, reduce vulnerabilities, and accelerate secure delivery of mission-critical systems. Along the way, the conversation covers everything from JFK delays caused by vulnerabilities, to the risks of “ludicrous speed” AI adoption, to the surprising history of Project Pigeon in WWII.

For federal leaders ready to take action, Antoine offers one concrete step: start with a single mission-critical application, mandate an SBOM, and see what hidden risks you uncover.

Show Notes:

  1. Connect with Antoine: https://www.linkedin.com/in/antoine-harden-mba-035a441/
  2. Executive Order 14028
  3. NIST Secure Software Development Framework (SSDF)
  4. CISA Zero Trust Maturity Model
  5. DoD’s SWFT (Software Fast Track Initiative)
  6. Sonatype Resource Center

Meet the Speaker

Antoine Harden, MBA

Regional VP of Federal, Sonatype

Antoine Harden brings 25 years of public-sector technology leadership—spanning Oracle, CA Technologies, Google, Elastic, and startups like Imperva and Exabeam—to his current role leading Sonatype’s federal efforts. He combines strategic insight into federal procurement and mission requirements with deep expertise in software supply chain security and DevSecOps integration.

Meet the Speaker

Carolyn Ford

Vice President Marketing, Owl Cyber Defense

Carolyn brings over two decades of experience as a marketing leader in global high-tech firms, with 15 years focused on public sector marketing. Carolyn entered the cybersecurity space in 2009 with Raytheon Cyber Products, where she held multiple roles and communicated the vision of secure information sharing and insider threat strategies to government agencies. Carolyn is the creator and host of the successful podcasts “To the Point Cybersecurity” and “Tech Transforms,” which engage with thought leaders in industry and government to discuss critical issues.