Dec 2023
43m 6s

Software Supply Chain Security with Mich...

Software Engineering Daily
About this episode

One of the most famous software exploits in recent years was the SolarWinds attack in 2020. In this attack, Russian hackers inserted malicious code into the SolarWinds Orion system, allowing them to infiltrate the systems of numerous corporations and government agencies, including the U.S. executive branch, military, and intelligence services.

This was an example of a software supply chain attack, which exploits interdependencies within software ecosystems. Software supply chain security is a growing issue, and is particularly important for companies that rely on large numbers of open source dependencies.

Michael Lieberman is the Co-Founder and CTO of Kusari and has an extensive background in software security from his time at Citibank, MUFG and Bridgewater. He’s also active in the open source and security communities, including the Open Source Security Foundation and Cloud Native Computing Foundation. Michael joins the show today to talk about challenges and strategies in software supply chain security.

Gregor Vand is a security-focused technologist, and is the founder and CTO of Mailpass. Previously, Gregor was a CTO across cybersecurity, cyber insurance and general software engineering companies. He has been based in Asia Pacific for almost a decade and can be found via his profile at vand.hk.

The post Software Supply Chain Security with Michael Lieberman appeared first on Software Engineering Daily.
