logo
episode-header-image
Dec 2023
43m 6s

Software Supply Chain Security with Mich...

Software Engineering Daily
About this episode

One of the most famous software exploits in recent years was the SolarWinds attack in 2020. In this attack, Russian hackers inserted malicious code into the SolarWinds Orion system, allowing them to infiltrate the systems of numerous corporations and government agencies, including the U.S. executive branch, military, and intelligence services.

This was an example of a software supply chain attack, which exploits interdependencies within software ecosystems. Software supply chain security is a growing issue, and is particularly important for companies that rely on large numbers of open source dependencies.

Michael Lieberman is the Co-Founder and CTO of Kusari and has an extensive background in software security from his time at Citi Bank, MUFG and Bridgewater. He’s also active in the open source and security communities, including the Open Source Security Foundation and Cloud Native Computing Foundation. Michael joins the show today to talk about challenges and strategies in software supply chain security.

Gregor Vand is a security-focused technologist, and is the founder and CTO of Mailpass. Previously, Gregor was a CTO across cybersecurity, cyber insurance and general software engineering companies. He has been based in Asia Pacific for almost a decade and can be found via his profile at vand.hk.

 

The post Software Supply Chain Security with Michael Lieberman appeared first on Software Engineering Daily.

Up next
Yesterday
SED News: Data Land Grabs, Copyright Fights, and the Great AI Talent War
Welcome back to SED News, a podcast series from Software Engineering Daily where hosts Gregor Vand and Sean Falconer break down the latest stories in software engineering, Silicon Valley, and the wider tech industry. In this episode, Gregor and Sean dig into Meta’s legal battle o ... Show More
46m 15s
Jul 3
AI at Anaconda with Greg Jennings
Anaconda is a software company that’s well-known for its solutions for managing packages, environments, and security in large-scale data workflows. The company has played a major role in making Python-based data science more accessible, efficient, and scalable. Anaconda has also ... Show More
49m 29s
Jul 1
ByteDance’s Container Networking Stack with Chen Tang
ByteDance is a global technology company operating a wide range of content platforms around the world, and is best known for creating TikTok. The company operates at a massive scale, which naturally presents challenges in ensuring performance and stability across its data centers ... Show More
47m 57s
Recommended Episodes
Jan 2020
Curveball proofs-of-concept. CISA warns chemical industry. Military families harassed online. Phishing the UN. Fleeceware in the Play Store. Moscow says there was no Burisma hack.
Proof-of-concept exploits for the CryptoAPI vulnerability Microsoft patched this week have been released. CISA warns the chemical industry to look to its security during this period of what the agency calls “heightened geopolitical tension.” Families of deployed US soldiers recei ... Show More
21m 50s
May 2019
Supply chain hacking campaign looks like espionage. Airstrikes versus hackers. FTC versus Facebook. Notes from the Global Cyber Innovation Summit. What’s up with MegaCortex.
Tracking a group that’s after the software supply chain. Israel adds airstrikes to the array of responses it’s prepared to make to hackers. The US Federal Trade Commission still doesn’t know how you solve a problem like Mark. Some more notes from last week’s Global Cyber Innovati ... Show More
22m 33s
Sep 2023
DPRK cyberespionage update. New cybercriminal TTPs. The state of DevSecOps. Hacktivism and the nation-state. Cyberwar lessons learned. A free decryptor for Key Group ransomware.
A VMConnect supply chain attack is connected to the DPRK. Reports of an aledgedly "fully undetectable information stealer." DB#JAMMER brute forces exposed MSSQL databases. A Cyberattack on a Canadian utility. The state of DevSecOps. A look at hacktivism, today and beyond. Betsy C ... Show More
31m 33s
Nov 2021
Trojan Source--a threat to the software supply chain. Ransomware goes to influence operations school. Triple extortion? Criminal target selection.
Researchers describe Trojan Source, a hard-to-detect threat to the software supply chain. A ransomware gang takes a page from the information operator’s book. From double extortion to triple extortion, as other ransomware gangs add distributed denial-of-service to encryption and ... Show More
27m 56s
Dec 2021
Security Straight Talk with Jim Alkove, Chief Trust Officer at Salesforce, and George Kurtz, President/CEO and co-founder of CrowdStrike
When it comes to IT security, there are a lot of marketing pitches out there offering bullish assessments of certain technologies, and, of course, the particular products being pitched. Really, there’s nothing wrong with marketers doing their jobs, and it’s especially useful when ... Show More
36m 12s
Feb 2023
Fighting software vulnerabilities with software bill of materials
Earn additional income by sharing your opinion on userinterviews.com!Episode Resources: Executive Order on Improving the Nation’s Cybersecurity Alpha-Omega Projects Cybersecurity & Infrastructure Security Agency (Cisa) Tools to create SBOM  About Barak Brudo Barak Brudo helps org ... Show More
38m 35s
Oct 2023
AI Threats & Opportunities in Cyber Security With Material Security Co-Founder Ryan Noon
Cyber Security is going to change significantly in the era of AI, according to Ryan Noon, cofounder of Material Security, a security company that makes cloud-based Google and Microsoft email a safe place for sensitive data. Elad Gil and Ryan talk about how Material Security start ... Show More
36m 22s
Listen to millions of songs and podcasts on Anghami