Software Supply Chain Security with Michael Lieberman

SEDaily
By
Podcast Wednesday, December 6 2023

Podcast: Play in new window | Download

Subscribe: RSS

One of the most famous software exploits in recent years was the SolarWinds attack in 2020. In this attack, Russian hackers inserted malicious code into the SolarWinds Orion system, allowing them to infiltrate the systems of numerous corporations and government agencies, including the U.S. executive branch, military, and intelligence services.

This was an example of a software supply chain attack, which exploits interdependencies within software ecosystems. Software supply chain security is a growing issue, and is particularly important for companies that rely on large numbers of open source dependencies.

Michael Lieberman is the Co-Founder and CTO of Kusari and has an extensive background in software security from his time at Citi Bank, MUFG and Bridgewater. He’s also active in the open source and security communities, including the Open Source Security Foundation and Cloud Native Computing Foundation. Michael joins the show today to talk about challenges and strategies in software supply chain security.

Gregor Vand is a security-focused technologist, and is the founder and CTO of Mailpass. Previously, Gregor was a CTO across cybersecurity, cyber insurance and general software engineering companies. He has been based in Asia Pacific for almost a decade and can be found via his profile at vand.hk.

 

SEDaily

Sponsors

An award-winning strategic partner of AWS, Google Cloud and Microsoft Azure, DoiT works alongside more than 3,000 customers to save them time and money.

Combining intelligent software with expert consultancy and unlimited support, DoiT delivers the true promise of the cloud at peak efficiency with ease, not cost.

Turbocharge your growth and optimize your cloud investment so you can concentrate on what you’re good at – quickly growing your business. Learn more at doit.com.

POPULAR

Software Daily

Software Daily

 
Subscribe to Software Daily, a curated newsletter featuring the best and newest from the software engineering community.


Exclusive Articles

Making OAuth and OIDC Accessible to Developers

Weaving Generative AI into DevSecOps

Developing Dave the Diver with Jaeho Hwang and Minsuk Cha

Cloud Engineering

Building Chess.com with Jay Severson

Mastodon with Eugen Rochko

AWS re:Invent Special: PartyRock Generative AI Apps with Mike Miller

Business and Philosophy

Startup Investing with George Mathew

KubeCon Special: Docker with Justin Cormack

Software Architecture with Josh Prismon

Greatest Hits

Hardening C++ with Bjarne Stroustrup

Surviving ChatGPT with Christian Hubicki

Special Episode with George Hotz

Popular

  1. Database Scaling at Figma with Sammy Steele
  2. Why We Switched from Python to Go
  3. Slack Data Platform with Josh Wills
  4. SolidJS with Ryan Carniato
  5. AI-Driven Observability at Kentik with Avi Freedman

Hackers

Making React 70% faster with Aiden Bai of Million.js

Cross-functional Incident Management with Ashley Sawatsky and Niall Murphy

SDKs for your API with Sagar Batchu

Data

Spring AI and Java in 2024

Iceberg at Netflix and Beyond with Ryan Blue

Building a Data Lake with Adam Ferrari