In this episode of the HackerNoon Podcast, Amy Tom sits down with Ilkka Turunen to talk about Supply Chain Security. They go over the Log4J incident that made a lot of apps built-in Java vulnerable to exploitation, what it means to be a field CTO, how companies can place themselves to collect user feedback, and a lot more!   Ilkka Turunen is the Field CTO of https://www.sonatype.com/ (Sonatype).   On this episode of the HackerNoon Podcast, Amy Tom and Ilkka Turunen chat about: What is a field CTO anyways? 🤔 (01:20) How do you stay in the loop on customer needs and feedback? ➿ (05:19) How has Ikka’s job as a field CTO changed since the pandemic started? 😷 (07:30) Supply chain attacks have increased since the pandemic started. How have Sonatype’s customers and the business changed over this period? 🧰 (08:53) Breaking down how the executive order by Biden’s administration regarding supply chains is affecting the software industry ⚙️ (10:06) What is the best way to mitigate supply chain risk? ⚠️ (11:49) Getting into vendor due diligence as mitigation of supply chain risk 🚩(17:22) Learnings from the Log4J incident 📝 (22:44) Why are 40% of Log4J downloads still the old vulnerable versions? ☢️ (25:47)   Log4J vulnerability resource center: https://www.sonatype.com/resources/log4j-vulnerability-resource-center   Find Ilkka Turunen online: https://twitter.com/llkkaT   Learn more about HackerNoon: To read HackerNoon stories, check out hackernoon.com To apply for a position, check out https://careers.hackernoon.com/ To participate in HackerNoon writing contests, check out https://hackernoon.com/u/hackernooncontests