Go offline with the Player FM app!
The Elephant in the Pipeline: Securing the Wild, Untamed Software Supply Chain - Pete Morgan - ESW #348
Manage episode 398784135 series 2794678
We've seen general users targeted with phishing, financial employees targeted for BEC scams, and engineers targeted for access to infrastructure. The truly scary attacks, however, are the indirect ones that are automated. The threats that come in via software updates, or trusted connections with third parties.
The software supply chain is both absolutely essential, and fragile. A single developer pulling a tiny library out of NPM can cause chaos. A popular open source project changing hands could instantly give access to millions of systems. Every day, a new app store or component repository pops up and becomes critical to maintaining infrastructure.
In this interview, we'll chat with Pete Morgan about how these risks can be managed and mitigated.
Segment Resources:
- https://blog.phylum.io/q3-2023-evolution-of-software-supply-chain-security-report/
- https://blog.phylum.io/software-supply-chain-security-research-report-q2-2023/
- https://blog.phylum.io/q1-2023-evolution-of-software-supply-chain-security/
Show Notes: https://securityweekly.com/esw-348
946 episodes
Manage episode 398784135 series 2794678
We've seen general users targeted with phishing, financial employees targeted for BEC scams, and engineers targeted for access to infrastructure. The truly scary attacks, however, are the indirect ones that are automated. The threats that come in via software updates, or trusted connections with third parties.
The software supply chain is both absolutely essential, and fragile. A single developer pulling a tiny library out of NPM can cause chaos. A popular open source project changing hands could instantly give access to millions of systems. Every day, a new app store or component repository pops up and becomes critical to maintaining infrastructure.
In this interview, we'll chat with Pete Morgan about how these risks can be managed and mitigated.
Segment Resources:
- https://blog.phylum.io/q3-2023-evolution-of-software-supply-chain-security-report/
- https://blog.phylum.io/software-supply-chain-security-research-report-q2-2023/
- https://blog.phylum.io/q1-2023-evolution-of-software-supply-chain-security/
Show Notes: https://securityweekly.com/esw-348
946 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.