Artwork

İçerik Tromzo tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Tromzo veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
Player FM - Podcast Uygulaması
Player FM uygulamasıyla çevrimdışı Player FM !

EP 53 — ReversingLabs's Dave Ferguson on Securing Your Software Supply Chains

24:24
 
Paylaş
 

Manage episode 395903395 series 3330694
İçerik Tromzo tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Tromzo veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.

In this episode of the Future of Application Security, Harshil speaks with Dave Ferguson, Director of Technical Product Management, Software Supply Chain Security at ReversingLabs, which offers software supply chain security analysis platform. They discuss the rising need for software supply chain security as a result of the complexities around how software is built today. They also talk about ways to identify novel attacks through analyzing software behaviors, how efforts like SBOMs and registries help increase transparency, and why software supply chain security needs to evolve from just looking for vulnerabilities.

Topics discussed:

  • How Dave's diverse background in security, as well as his piqued interest around the SolarWinds and 3CX attacks, led to his focus on software supply chain security today.
  • How a product manager leads by working with development teams, meeting with customers, incorporating new features and integrations, and helping bring new solutions to market.
  • How the complexities associated with building software today — like open source and automation — have increased the possibility of adversaries slipping in.
  • Why analyzing software behavior across previous builds and seeing what's changed can help flag novel attacks.
  • Today's trends that are increasing transparency in software creation, including the rising demand for SBOMs and the possibility of trust registries for commercial software.
  • Why software supply chain security approaches need to move beyond just looking at vulnerabilities to find ways to root out all malicious activity.

RELATED RESOURCE:

Today, most application security tools are designed to find vulnerabilities, not fix them. What is noise and what is risk? And, more importantly, how do you accelerate the remediation of the most critical vulnerabilities? The answer lies within one key metric — Mean Time to Remediate (MTTR).

Taking a better strategy to decrease your MTTR and keep your organization safe can begin today — download the paper to learn how.

  continue reading

60 bölüm

Artwork
iconPaylaş
 
Manage episode 395903395 series 3330694
İçerik Tromzo tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Tromzo veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.

In this episode of the Future of Application Security, Harshil speaks with Dave Ferguson, Director of Technical Product Management, Software Supply Chain Security at ReversingLabs, which offers software supply chain security analysis platform. They discuss the rising need for software supply chain security as a result of the complexities around how software is built today. They also talk about ways to identify novel attacks through analyzing software behaviors, how efforts like SBOMs and registries help increase transparency, and why software supply chain security needs to evolve from just looking for vulnerabilities.

Topics discussed:

  • How Dave's diverse background in security, as well as his piqued interest around the SolarWinds and 3CX attacks, led to his focus on software supply chain security today.
  • How a product manager leads by working with development teams, meeting with customers, incorporating new features and integrations, and helping bring new solutions to market.
  • How the complexities associated with building software today — like open source and automation — have increased the possibility of adversaries slipping in.
  • Why analyzing software behavior across previous builds and seeing what's changed can help flag novel attacks.
  • Today's trends that are increasing transparency in software creation, including the rising demand for SBOMs and the possibility of trust registries for commercial software.
  • Why software supply chain security approaches need to move beyond just looking at vulnerabilities to find ways to root out all malicious activity.

RELATED RESOURCE:

Today, most application security tools are designed to find vulnerabilities, not fix them. What is noise and what is risk? And, more importantly, how do you accelerate the remediation of the most critical vulnerabilities? The answer lies within one key metric — Mean Time to Remediate (MTTR).

Taking a better strategy to decrease your MTTR and keep your organization safe can begin today — download the paper to learn how.

  continue reading

60 bölüm

Tüm bölümler

×
 
Loading …

Player FM'e Hoş Geldiniz!

Player FM şu anda sizin için internetteki yüksek kalitedeki podcast'leri arıyor. En iyi podcast uygulaması ve Android, iPhone ve internet üzerinde çalışıyor. Aboneliklerinizi cihazlar arasında eş zamanlamak için üye olun.

 

Hızlı referans rehberi