Implementing a Supply Chain Approach to Build and Deploy Secure Applications - AppSecEU 2016

Explore a comprehensive conference talk from AppSecEU 2016 in Rome that delves into implementing a supply chain approach for building and maintaining trust in software development. Learn about the Jenkins vulnerability, its mitigation, and the broader implications for software security. Discover the importance of central repositories, the MITRE and Verizon databases, and compound risks in the software supply chain. Gain insights into prevention strategies, including compliance standards like PCI DSS, and the concept of transitive dependencies. Examine the software delivery pipeline, emphasizing standardization, catalog control points, and automation. Understand the Onion Model of Testing, Rugged Software Factory principles, and the significance of a Bill of Materials. Explore reverse engineering techniques, leadership in security, and test-driven development practices. Access valuable references for scaling secure software development processes.