The Elephant in the Pipeline: Securing the Wild, Untamed Software Supply Chain - Pete Morgan - ESW #348

We've seen general users targeted with phishing, financial employees targeted for BEC scams, and engineers targeted for access to infrastructure. The truly scary attacks, however, are the indirect ones that are automated. The threats that come in via software updates, or trusted connections with third parties. The software supply chain is both absolutely essential, and fragile. A single developer pulling a tiny library out of NPM can cause chaos. A popular open source project changing hands could instantly give access to millions of systems. Every day, a new app store or component repository pops up and becomes critical to maintaining infrastructure. In this interview, we'll chat with Pete Morgan about how these risks can be managed and mitigated. Segment Resources: https://blog.phylum.io/q3-2023-evolution-of-software-supply-chain-security-report/ https://blog.phylum.io/software-supply-chain-security-research-report-q2-2023/ https://blog.phylum.io/q1-2023-evolution-of-software-supply-chain-security/ Segment description coming soon! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-348

Om Podcasten

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!