Paul’s Security Weekly (Audio)
Technology
In the Security News: The Roblox prison yard, password manager problems, PyTorch gets torched with a supply chain attack, Oppenheimer cleared, Puckungfu, spice up your persistence with PHP, turning Google Home into a wiretap device, Nintendo 3DS remote code execution, Linux kernel remote code execution, stealing cards in 2022 - The API way, and there is no software supply chain... and more!
This session explores software supply chain security and the details of System of Trust, a community effort to develop and validate a process for integrating evidence of the organizational, technical, and transactional trustworthiness of supply chain elements for decision makers dealing with supply chain security. This framework is defining, aligning, and addressing the specific concerns and risks that stand in the way of organizations’ trusting suppliers, supplies, and service offerings. More importantly, the framework offers a comprehensive, consistent, and repeatable methodology – for evaluating suppliers, supplies, and service offerings alike – that is based on decades of supply chain security experience, deep insights into the complex challenges facing the procurement and operations communities, and broad knowledge of the relevant standards and community best practices.
Segment Resources:
- https://sot.mitre.org/overview/about.html
- https://shiftleft.grammatech.com/automating-supply-chain-integrity
- https://www.reversinglabs.com/conversinglabs/robert_martin_mitre_software_supply_chain_system_of_trust
- https://www.mitre.org/sites/default/files/2022-11/PR-22-01488-20-cybersecurity-benefits-of-sbom-september-2022.pdf
- https://www.mitre.org/sites/default/files/2021-11/prs-21-0278-deliver-uncompromised-securing-critical-software-supply-chain.pdf
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw768
Hacker Heroes - Josh Corman - PSW Vault
Pen Testing As A Service - Seemant Sehgal - PSW #830
The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829
Corporate Ransomware Deep Dive - Jeremiah Grossman, Mikko Hypponen - PSW #828
Kicking Off With Crypto - PSW #827
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826
PCI 4.0 - Winn Schwartau - PSW #825
Digging Into Supply Chain Security - James McMurry - PSW #824
XZ - Backdoors and The Fragile Supply Chain - PSW #823
Are we winning? - Jason Healey - PSW #822
Securing All The Things - Josh Corman - PSW #821
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
Facing the Reality of Risk Prioritization - Bianca Lewis (BiaSciLab), Dan DeCloss - PSW #819
Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818
Illuminating Cybersecurity Wisdom: Insights from a Thought Leader - Wendy Nather - PSW Vault
Physical Security and Social Engineering - Hacker Heroes: Toby Miller - PSW #817
You Can’t Defend What You Can’t Define - Sergey Bratus - PSW #816
Identifying Bad By Defining Good - Danny Jenkins - PSW #815
What Smart CISOs and Mature Orgs Get That Others Don’t About Cyber Compliance - Matt Coose - PSW #814
K-12 Cybersecurity - Brian Stephens - PSW #813