Bloomberg Daybreak delivers today's top stories, with context, in just 15 minutes. Get informed from Bloomberg's 2,700 journalists and analysts in 120 countries.
…
continue reading
Content provided by MySecurity Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by MySecurity Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Similar cu Cyber Security Weekly Podcast
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman, Matthew Brown, and Rob Litterst from The Hustle.
…
continue reading
The economy and the markets are "under surveillance" as we cover the latest in finance, economics and investment. Listen to Jonathan Ferro, Lisa Abramowicz and Annmarie Hordern for the top interviews from Bloomberg Surveillance Television. And join Tom Keene and Paul Sweeney for the best conversations from Bloomberg Surveillance Radio. Watch Surveillance TV LIVE each mornings: http://bit.ly/3P7nstQ. Watch Surveillance Radio LIVE weekday mornings: http://bit.ly/3vTiACF.
…
continue reading
Our weekly podcast from Politics Home discussing all the ups and downs in Westminster. Please subscribe and share - and keep up with all the latest news on PoliticsHome.com. Got a question for the team? news@politicshome.com.
…
continue reading
Welcome to Crimetown, a series produced by Marc Smerling and Zac Stuart-Pontier in partnership with Gimlet Media. Each season, we investigate the culture of crime in a different city. In Season 2, Crimetown heads to the heart of the Rust Belt: Detroit, Michigan. From its heyday as Motor City to its rebirth as the Brooklyn of the Midwest, Detroit’s history reflects a series of issues that strike at the heart of American identity: race, poverty, policing, loss of industry, the war on drugs, an ...
…
continue reading
Hosted by former Marvel entertainment lawyer Paul Sarker and entertainment enthusiast Mesh Lakhani, Better Call Paul will delve into the business and legal issues at play behind the glitz and glam. This show takes you beyond the catchy headlines to find out what’s really at play behind the scenes and gives you an introduction to the business side of show business.
…
continue reading
Crypto assets and blockchain technology are about to transform every trust-based interaction of our lives, from financial services to identity to the Internet of Things. In this podcast, host Laura Shin, an independent journalist covering all things crypto, talks with industry pioneers about how crypto assets and blockchains will change the way we earn, spend and invest our money. Tune in to find out how Web 3.0, the decentralized web, will revolutionize our world. Disclosure: I'm a nocoiner.
…
continue reading
The Jacaranda FM News team is based in Gauteng – but covers local and international news of the day, providing the latest developments online and on-air. News bulletins run from 5am to 7pm weekdays, and from 7am to 6pm on weekends and public holidays. Tune into Jacaranda FM, or log on to www.jacarandafm.com, for the news you need to know.. now.
…
continue reading
The day's biggest news dissected by the day's newsmakers. Diverse opinions from across the political spectrum. The show that makes you decide, are you the Left, Right or the Centre?
…
continue reading
An independent podcast examining what the U.S. Congress is doing with our money and in our names. www.congressionaldish.com Follow @JenBriney on Twitter
…
continue reading
Player FM - Aplicație Podcast
Treceți offline cu aplicația Player FM !
Treceți offline cu aplicația Player FM !
))
Episode 415 - The Risk Story – Software Supply Chain Security
Manage episode 442136769 series 2494686
Content provided by MySecurity Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by MySecurity Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
We sat down with Cassie Crosley to explore the complexities of supply chain risks, particularly within the realm of operational technology (OT).
Comprehensive Supply Chain Security - Crosley detailed the various stages in the supply chain—design, development, and fabrication—where both deliberate and accidental abuses can occur. Each stage presents unique risks, such as compromised design specifications, development flaws, or issues during fabrication. She emphasized that securing the software supply chain requires a holistic approach that goes beyond protecting just software; it must also include firmware and hardware. For example, when working with an Intel chip, securing both the software and firmware associated with that chip is critical. Firmware, which operates at a low level on hardware, is vital for overall system security. Any vulnerabilities in firmware can significantly compromise the entire system, making it essential to secure it alongside software and hardware.
Challenges in Secure by Design - Crosley also noted that while "secure by design" principles often originate from an IT perspective, they may not seamlessly translate to OT environments. This disparity creates challenges, as certain IT security measures, like multi-factor authentication (MFA), may not be practical or necessary in OT due to specific operational needs. Additionally, OT devices are often multi-generational, increasing the risk of outdated security designs. OT systems, such as programmable logic controllers (PLCs) used in industrial settings, have distinct requirements and constraints, necessitating tailored security approaches.
Automated Patching Issues - Crosley highlighted that automated patching in OT environments can pose safety concerns and lead to downtime. Unlike IT systems where automated updates are common, OT systems often require careful, manual handling to avoid disrupting critical processes. Automated patching can interfere with vital safety mechanisms, underscoring the need for controlled and deliberate update management.
SBOM (Software Bills of Materials) - Crosley pointed out that while generating accurate Software Bills of Materials (SBOMs) for modern technologies is relatively straightforward, it becomes more complex for multi-generational OT products due to outdated build practices and the limitations of current scanning tools. While scanners effectively identify open-source components, they struggle with proprietary or commercial libraries, and discrepancies in version identification can be problematic, particularly if certain versions have known vulnerabilities.
Role of AI in Software Development – She also pointed out how AI can quickly analyze vast amounts of data, identifying risks and correlations between projects that would take humans much longer to detect. For example, AI can track a maintainer's contributions across multiple projects to spot potential security risks, such as involvement in both malicious and non-malicious projects. AI is also increasingly offering developers precise guidance on addressing specific vulnerabilities. Instead of generic suggestions, AI now recommends the best code modifications for a given context, speeding up development and enhancing code security.
Supplier Assessment - Crosley advised that supplier assessments should focus on specific aspects of vulnerability management and product security rather than generic compliance questions. It's crucial to inquire about suppliers' vulnerability management practices and their methods for ensuring product security. She emphasized the importance of transparency from suppliers regarding their manufacturing processes, product variations, and supply chain details, advocating for detailed questions to effectively understand and mitigate risks.
Positive Cultural Shift - Crosley shared an encouraging trend where companies are increasingly prioritizing supply chain security. A notable example is a supplier that created a position for a Product Security Officer after facing rigorous scrutiny, reflecting a positive shift towards more robust supply chain security practices.
Cassie Crossley, Vice President, Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware”. She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy.
#mysecuritytv
50 episoade
Distribuie
Manage episode 442136769 series 2494686
Content provided by MySecurity Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by MySecurity Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
We sat down with Cassie Crosley to explore the complexities of supply chain risks, particularly within the realm of operational technology (OT).
Comprehensive Supply Chain Security - Crosley detailed the various stages in the supply chain—design, development, and fabrication—where both deliberate and accidental abuses can occur. Each stage presents unique risks, such as compromised design specifications, development flaws, or issues during fabrication. She emphasized that securing the software supply chain requires a holistic approach that goes beyond protecting just software; it must also include firmware and hardware. For example, when working with an Intel chip, securing both the software and firmware associated with that chip is critical. Firmware, which operates at a low level on hardware, is vital for overall system security. Any vulnerabilities in firmware can significantly compromise the entire system, making it essential to secure it alongside software and hardware.
Challenges in Secure by Design - Crosley also noted that while "secure by design" principles often originate from an IT perspective, they may not seamlessly translate to OT environments. This disparity creates challenges, as certain IT security measures, like multi-factor authentication (MFA), may not be practical or necessary in OT due to specific operational needs. Additionally, OT devices are often multi-generational, increasing the risk of outdated security designs. OT systems, such as programmable logic controllers (PLCs) used in industrial settings, have distinct requirements and constraints, necessitating tailored security approaches.
Automated Patching Issues - Crosley highlighted that automated patching in OT environments can pose safety concerns and lead to downtime. Unlike IT systems where automated updates are common, OT systems often require careful, manual handling to avoid disrupting critical processes. Automated patching can interfere with vital safety mechanisms, underscoring the need for controlled and deliberate update management.
SBOM (Software Bills of Materials) - Crosley pointed out that while generating accurate Software Bills of Materials (SBOMs) for modern technologies is relatively straightforward, it becomes more complex for multi-generational OT products due to outdated build practices and the limitations of current scanning tools. While scanners effectively identify open-source components, they struggle with proprietary or commercial libraries, and discrepancies in version identification can be problematic, particularly if certain versions have known vulnerabilities.
Role of AI in Software Development – She also pointed out how AI can quickly analyze vast amounts of data, identifying risks and correlations between projects that would take humans much longer to detect. For example, AI can track a maintainer's contributions across multiple projects to spot potential security risks, such as involvement in both malicious and non-malicious projects. AI is also increasingly offering developers precise guidance on addressing specific vulnerabilities. Instead of generic suggestions, AI now recommends the best code modifications for a given context, speeding up development and enhancing code security.
Supplier Assessment - Crosley advised that supplier assessments should focus on specific aspects of vulnerability management and product security rather than generic compliance questions. It's crucial to inquire about suppliers' vulnerability management practices and their methods for ensuring product security. She emphasized the importance of transparency from suppliers regarding their manufacturing processes, product variations, and supply chain details, advocating for detailed questions to effectively understand and mitigate risks.
Positive Cultural Shift - Crosley shared an encouraging trend where companies are increasingly prioritizing supply chain security. A notable example is a supplier that created a position for a Product Security Officer after facing rigorous scrutiny, reflecting a positive shift towards more robust supply chain security practices.
Cassie Crossley, Vice President, Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware”. She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy.
#mysecuritytv
50 episoade
Toate episoadele
×
Bun venit la Player FM!
Player FM scanează web-ul pentru podcast-uri de înaltă calitate pentru a vă putea bucura acum. Este cea mai bună aplicație pentru podcast și funcționează pe Android, iPhone și pe web. Înscrieți-vă pentru a sincroniza abonamentele pe toate dispozitivele.
Similar cu Cyber Security Weekly Podcast
Bloomberg Daybreak delivers today's top stories, with context, in just 15 minutes. Get informed from Bloomberg's 2,700 journalists and analysts in 120 countries.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman, Matthew Brown, and Rob Litterst from The Hustle.
…
continue reading
The economy and the markets are "under surveillance" as we cover the latest in finance, economics and investment. Listen to Jonathan Ferro, Lisa Abramowicz and Annmarie Hordern for the top interviews from Bloomberg Surveillance Television. And join Tom Keene and Paul Sweeney for the best conversations from Bloomberg Surveillance Radio. Watch Surveillance TV LIVE each mornings: http://bit.ly/3P7nstQ. Watch Surveillance Radio LIVE weekday mornings: http://bit.ly/3vTiACF.
…
continue reading
Our weekly podcast from Politics Home discussing all the ups and downs in Westminster. Please subscribe and share - and keep up with all the latest news on PoliticsHome.com. Got a question for the team? news@politicshome.com.
…
continue reading
Welcome to Crimetown, a series produced by Marc Smerling and Zac Stuart-Pontier in partnership with Gimlet Media. Each season, we investigate the culture of crime in a different city. In Season 2, Crimetown heads to the heart of the Rust Belt: Detroit, Michigan. From its heyday as Motor City to its rebirth as the Brooklyn of the Midwest, Detroit’s history reflects a series of issues that strike at the heart of American identity: race, poverty, policing, loss of industry, the war on drugs, an ...
…
continue reading
Hosted by former Marvel entertainment lawyer Paul Sarker and entertainment enthusiast Mesh Lakhani, Better Call Paul will delve into the business and legal issues at play behind the glitz and glam. This show takes you beyond the catchy headlines to find out what’s really at play behind the scenes and gives you an introduction to the business side of show business.
…
continue reading
Crypto assets and blockchain technology are about to transform every trust-based interaction of our lives, from financial services to identity to the Internet of Things. In this podcast, host Laura Shin, an independent journalist covering all things crypto, talks with industry pioneers about how crypto assets and blockchains will change the way we earn, spend and invest our money. Tune in to find out how Web 3.0, the decentralized web, will revolutionize our world. Disclosure: I'm a nocoiner.
…
continue reading
The Jacaranda FM News team is based in Gauteng – but covers local and international news of the day, providing the latest developments online and on-air. News bulletins run from 5am to 7pm weekdays, and from 7am to 6pm on weekends and public holidays. Tune into Jacaranda FM, or log on to www.jacarandafm.com, for the news you need to know.. now.
…
continue reading
The day's biggest news dissected by the day's newsmakers. Diverse opinions from across the political spectrum. The show that makes you decide, are you the Left, Right or the Centre?
…
continue reading
An independent podcast examining what the U.S. Congress is doing with our money and in our names. www.congressionaldish.com Follow @JenBriney on Twitter
…
continue reading
Player FM - Aplicație Podcast
Treceți offline cu aplicația Player FM !
Treceți offline cu aplicația Player FM !
