Supply Chain & Firmware Security – Xeno Kovah – PSW #811

AI generated description fun: "As the glasses are filled and the mood lightens, our veteran guests, each with a legendary tale or two tucked under their virtual belts, embark on a journey through the complex landscape of supply chain security. These old dogs share war stories, anecdotes, and hard-earned wisdom about the evolving challenges and threats that have shaped their illustrious careers. From the early days of computing to the present era of interconnected systems, our panelists delve into the intricacies of securing the supply chain. Expect insights on the timeless art of social engineering, the ever-expanding attack surface, and the unforeseen vulnerabilities that emerge when least expected."

Talking points:

• Define the different areas of supply chains * Hardware * Firmware / Low-Level Software * Operating systems and applications * Software you develop yourself
• Open-source software supply chains have interesting problems
• Detecting supply chain issues
• Who is responsible for supply chain security?

Firmware security is a deeply technical topic that's hard to get started in. In this episode of Below the Surface, Xeno will discuss some past work in firmware security, and how he has organized resources such as a low level timeline (with over 300 talks), and free MOOC classes, to help teach people about firmware security.

Segment Resources: https://ost2.fyi https://darkmentor.com/timeline.html

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!