Hi, this is your host Swapnil Bhartiya, and welcome to our yearly prediction series. Today we have with us John Amaral, co-founder and CEO of Slim.AI. John, it's great to have you back on the show.

Thanks, great to be here.

Of course, you know, I'm going to ask you to grab your crystal ball and share your predictions with us. But before we do that, let's just do a quick intro of the company. What is Slim.AI all about?

Slim.AI is a Series A startup company. We focus on software supply chain security. Our product is a SaaS security product. It focuses on containerized workloads and our aim in the company is to help publishers and consumers, companies that use containerized workloads and publishers, companies that create software as containerized workloads. We help them build trust and transparency between those so that they can consume and do that in a secure way, consume those containers. As part of that, our system can analyze, evaluate and even remove vulnerabilities so we can automate the process of vulnerability management for containerized workloads in a collaborative environment where teams can work together to secure things in collaboration.

Now, let's look at your crystal ball and see what predictions you have for us.

We've been in this software supply chain security market for a while. It's a pretty broad term, but in general it means how do organizations tackle the idea of securing the software they use and create, reaching all the way back to wherever that software comes from, including open source software. It's been an emerging field and over the years we've seen it transform from something that's notional and a high-level idea. Nice to have and just something important. My first prediction is 2024 is the year that software supply chain security transitions from "figure it out," like it was in 2023, to "make it happen" in 2024. It's a boardroom conversation now. We've done a survey of roughly 250 senior executives inside of organizations.
This is the year they've decided to implement programs where they take control of this and that includes building better and more secure software by making sure that they're consuming safe and secure software and all of the things that go along with protecting themselves, including cryptographic integrity, making sure their build systems are working right, making sure that the software they're using has low vulnerabilities and all that. I think this is a watershed year for that.

My second prediction is the need to change in that regard is going to be driven by our governments, the US government and the European governments, the European Union's proactive stance on recommendations and regulations in this regard. They will start to mandate that companies are taking responsibility for the security and integrity of the software that they put in production, that they run and that their customers rely on, that these organizations rely on. It will become something similar, I think, eventually to a security version of SOX, Sarbanes-Oxley. Back in the day when there were a lot of financial governance problems, financial management problems and business governance problems, the federal government started out by, US federal government started out by creating recommendations and they were doing a lot of legal work and even some prosecutions. That led to organizations having to change their behavior. Sarbanes-Oxley came out, it became a requirement, a legal requirement. I see the tide shifting toward the burden of cybersecurity to become one of these mandatory things. If you want to be a public company or even a federal agency in the EU and the United States, I think that these governments will start to make it a mandatory thing.
That's going to drive pressure on the software supply chain, of course, because for companies consuming your software and it's part of their business and they're subject to this scrutiny, well, you're going to have to be a more high integrity and responsible and transparent provider and that will drive the software supply chain importance among the whole community of developers. There are some risks along with this because certainly this could change the relationship between open source providers and the commercial world. That's interesting to see how this will shake out. There are pluses and minuses to it.

The third is for all this to actually work, I think 2024 will mark a transition in the idea of collaboration as a cornerstone of transparency and trust between stakeholders in the software supply chain. You think of an open source or even a commercial software vendor. You're producing software that these public companies consume and their responsibility is to make sure that's very secure. Historically, the incentives on both sides have been to in effect manage security based on each other's business outcome goals. For a producer, that's often to try to build a minimally viable security so that you can effectively transact, get your software sold or get it used, etc. The value in the software and the capability of the software was always much higher in priority because that's how your business runs to the security of it. It was a disincentive for you to spend a lot of time securing things, especially for an open source software producer. It's something that's kind of a tax. It's something that can actually create friction for your business if your consumers want to push on you to change the security. If this software supply chain security world evolves like I described, these consumers of software will have high mandates to make sure that they're enforcing security requirements on the vendors, on open source and it will change the relationship.
The only way for that to work easily and with low overhead is for the two parties to collaborate, for them to understand each other's posture. For producers and consumers to come together in a common place, have open discussions about the security, share findings so that there's not a lot of duplicate work and there's a lot of speed and ease at coming to some conclusion about what "secure enough" means. Those are the three things I think will happen in 2024. I think that things are lining up and even more criticality will happen because with AI the rate of new software development is going up exponentially. The rate of new risks is going up exponentially. We need to find a better way and software supply chain security is kind of the way there and I'm hopeful this will be the year for change.

Now let's look at what kind of challenges you see are going to be there for the ecosystem, for the market, for the industry and even for Slim.AI to tackle.

The role of the chief information security officer keeps getting harder and harder. The acceleration at which the bad actors can go is insane, like the AI is going to power them up. That job is a really challenging job. We've recently seen cases where there's been a breach and the CISO, the chief information security officer, gets indicted. We've even seen some get convicted of negligence. This is a really hard job and businesses and our worlds today, our economy, all of this depends on these folks' ability to do their jobs. Software supply chain security will add another element of complexity to their jobs. It's expanding. I think the biggest challenge will be how do we manage all this change? How do we govern it? I see the chief information security officer as the cornerstone, the head of the spear, so to speak, in driving these changes. We really need boards of directors, companies, to stand behind them.
We need our government to understand the criticality in that role and we need to power them up with tools, some regulations, so they know what it means to do their job well so they're not flying in the dark and we need to help them with better tools and better capabilities. Part of my company's job is to try to give automations and capabilities to those organizations to make them run better and do their jobs more easily, but we all need to stand behind the chief information security officer. Their challenge in 2024 will just get harder. For my company, certainly that means that we want to focus on continuing to build and evolve our product. We're seeing a lot of good traction in our ability to help companies remove vulnerabilities and make the problem of software supply chain security easier through collaboration. We're really just focused on getting our customers to be successful, for them to meet their objectives and to create value and that value really comes in them having less work and more speed at ensuring that the software they put in production and create their business applications from is secure and trusted and that's really our mission, to help companies do that better.

And what is going to be the focus of Slim.AI or your focus this year?

Certainly in 2024, as I said, in our company we're really about innovating and driving the better solutions to solve some of these key problems I described. We're really focused on this software supply chain security problem and the ability to bring consumers and producers of software together in a common place and make it easier for them to transact, trust and build better secure software together. I think the old age of "I have my security program, you have your security program, we don't really talk," security through obscurity, lack of transparency, opaqueness, is an old-school thought pattern. We really need vendors and software developers and software creators to work more collaboratively.
Our platform helps to do that and automate a lot of the work to get there.

John, thank you so much for taking time out today to share your predictions. Of course, I'll have you again next year to not only see how many of these predictions turn out to be true, but also get the next set of predictions. I really appreciate your time today. Thank you.

I'd love that opportunity. Thanks again, Swap. I love the show. Good luck.