Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils – Idan Plotnik, Luis Villa, Erez Hasson – ASW #287
1. Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils – Luis Villa – ASW #287
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities of project owners have increased, not only in handling security disclosures, but in maintaining secure development and release processes backed by strong authentication and trust.
Segment Resources:
- https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem
- https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
- https://www.cisa.gov/securebydesign/pledge
- https://tidelift.com/about/press-releases/tidelift-study-reveals-that-despite-increasing-demands-from-government-and-industry-60-of-maintainers-are-still-unpaid-volunteers
- https://blog.tidelift.com/paying-maintainers-the-howto
Announcements
Dive into cybersecurity with CyberRisk Alliance for exclusive insights from RSA Conference 2024. Explore executive interviews with industry leaders, uncovering visionary perspectives on threats and strategies. Delve into curated articles on trends and innovations, equipping yourself with essential knowledge for today's cyber landscape. Visit securityweekly.com/RSAC for expert guidance and inspiration in navigating cybersecurity challenges confidently.
Guest
Luis Villa is co-founder at Tidelift and board member at Creative Commons and OpenET. During his career, he has been a top open source lawyer, a programmer, and a community manager. In previous roles, he has worked in the legal departments at the Wikimedia Foundation and Mozilla, and served on community-elected boards at the Open Source Initiative and GNOME Foundation.
2. Bots are Taking Over the Internet & Defining ASPM – Idan Plotnik, Erez Hasson – ASW #287
Application security posture management has quickly become a hot commodity in the world of AppSec, but questions remain about what ASPM actually encompasses. Vendors have cropped up from different corners of the AppSec space to help security teams make their programs more effective, improve their security posture, and connect the dots between developers and security. Apiiro is setting the diamond standard for ASPM, combining deep code analysis, runtime context, and native risk detection with a 100% open platform approach, providing more valuable prioritization and a more powerful policy engine.
This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them!
Bots accounted for nearly half of all internet traffic in 2023, with bad bot traffic rising for a fifth consecutive year. Malicious bot activity is a significant risk for businesses as it can result in account compromise, higher infrastructure and support costs, customer churn, and more. Tune in to learn about the security risks of these automated threats and what trends Imperva has monitored.
This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!
Guests
Idan is a serial entrepreneur and product strategist, bringing nearly 20 years of experience in cybersecurity to Apiiro. Previously, Idan was Director of Engineering at Microsoft following the acquisition of Aorato where he served as the founder and CEO. Prior to founding Aorato, Idan was the co-founder and CEO at Foreity – an MS security subcontractor acquired by Aman Group in 2012.
Erez Hasson is an Application Security Specialist at Imperva. He oversees the go-to-market product strategy of Imperva Advanced Bot Protection, Imperva Account Takeover Protection, and Imperva Client-Side Protection. For nearly 10 years, Hasson has helped businesses understand how to protect their applications and websites from automated attacks and client-side threats. He holds a Bachelor of Arts degree from Sapir Academic College in Israel.