Supply chain attacks, including attacks on CI/CD pipelines, are a growing risk to software publishers and their customers. In this episode of the ConversingLabs podcast, recorded live at the Black Hat Briefings in Las Vegas, host Paul Roberts talks with researchers Iain Smart & Viktor Gazdag of NCC Group about their presentation on the security lessons learned from five years of assessing cyber risks in development environments and CI/CD pipelines.