Name: Supply Chains, Firmware, And Patching – Jason Kikta – BTS #29
Uploaded: 2024-05-08T17:00:00.000America/New_York
Description: Supply Chains, Firmware, And Patching – Jason Kikta – BTS #29

Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management.

This segment is sponsored by Eclypsium. Visit <a rel="noopener" target="_blank" href="https://securityweekly.com/eclypsium">https://securityweekly.com/eclypsium</a> to learn more about them!

Featured image for {“vendor”:”ppworks”,”type”:”episode”,”id”:”3165″} podcast from PPWorks

Below the surface listeners can learn more about Eclypsium by visiting eclypsium.com/go - there you will find the “Ultimate guide to supply chain security”, an on-demand webinar I presented called “Unraveling Digital Supply Chain Threats and Risk”, a paper on the relationship between ransomware and the supply chain, and a customer case study with Digital Ocean. If you are interested in seeing our product in action you can also sign up for a demo, you can get all that at eclypsium.com/go!

BTS EVERY SHOW

Maya Posch over on Hackaday did a much more in-depth and eloquent piece on what's wrong with the recent "technical report" about memory-safe languages from White House’s Office of the National Cyber Director than our coverage last week, so I wanted to revisit.

Her main point is this is the work of politicians trying to sound tech-savy while ignoring mistakes similar politicians have made in the past, looking at the "Steelman requirements" from 1997 that ranked Ada best and C worst, how memory safety does nothing for input validation and output encoding, and how even recently NSA and CISA put out a paper on memory safety which seems to have made this one from ONCD unnecessary.

The White House Memory Safety Appeal Is A Security Red Herring

Pascal was the first programming language that I formally learned at school (I self-thought on basic, C, and 6502 ASM). While most of us quickly ran away from Pascal for commercial use, it was a good language at the time for learning how to code.

(hopefully not paywalled)

RIP Niklaus Wirth, father of Pascal

Headshot for Jason Kikta from PPWorks

CISO

Jason Kikta

Headshot for Paul Asadoorian from PPWorks

Principal Security Researcher

Paul Asadoorian

Headshot for John Loucaides from PPWorks

SVP Strategy

John Loucaides

Vulnerability Management

Supply chain

Patch/Configuration Management

Interview

Supply Chains, Firmware, And Patching – Jason Kikta – BTS #29

Below the Surface: The Supply Chain Security Podcast

A lively discussion of the threats affecting supply chain, specifically focused on firmware and low-level code that is a blind spot for many organizations. This podcast will feature guests from the cybersecurity industry discussing the problems surrounding supply chain-related issues and potential solutions.

Supply Chains, Firmware, And Patching – Jason Kikta – BTS #29

Full Audio

Segments

1. Supply Chains, Firmware, And Patching – Jason Kikta – BTS #29

Sponsored By

Announcements

Guest

Hosts

Related

Tesla, Druids, Salt Typhoon, North Korea, Amazon, Microsoft, Google, Joshua Marpet… – SWN #433

Fortinet, Palo Alto, VMWare – PSW #852

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and… – SWN #432