Episode 535: Dan Lorenc on Supply Chain Attacks
Software Engineering Radio - the podcast for professional software developers25 Loka 2022

Episode 535: Dan Lorenc on Supply Chain Attacks

Dan Lorenc, CEO of Chainguard, a software supply chain security company, joins SE Radio editor Robert Blumen to talk about software supply chain attacks. They start with a review of software supply chain basics; how outputs become inputs of someone else's supply chain; techniques for attacking the supply chain, including compromising the compilers, injecting code into installers, dependency confusion, and typo squatting. They also consider Ken Thompson's paper on injecting a backdoor into the C compiler. The episode then considers some well-known supply chain attacks: researcher Alex Birsan's dependency confusion attack; the log4shell attack on the Java Virtual Machine; the pervasiveness of compilers and interpreters where you don't expect them; the SolarWinds attack on a network security product; and CodeCov compromising the installer with code to insert exfiltration of environment variables into the installer. The conversation ends with some lessons learned, including how to protect your supply chain and the challenge of dependencies with modern languages.

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(726)

Episode 69: Nico Josuttis on SOA (SOA Pt. 3)

Episode 69: Nico Josuttis on SOA (SOA Pt. 3)

This Episode is part five in our (probably ongoing) series on service oriented architecture. In this episode we talk to Nico Josuttis, who has recently published a book on this topic. As its title "SO...

24 Syys 200756min

Episode 68: Dan Grossman on Garbage Collection and Transactional Memory

Episode 68: Dan Grossman on Garbage Collection and Transactional Memory

This episode features a discussion with Dan Grossman about an essay paper he wrote for this year's OOPSLA conference. The paper is about an analogy between garbage collection and transactional memory....

14 Syys 200754min

Episode 67: Roundtable on MDSD and PLE

Episode 67: Roundtable on MDSD and PLE

This is a roundtable discussion on model-driven software develoment and product line engineering. It was recorded at the Model-Driven Development and Product Lines: Synergies and Experience conference...

4 Syys 200748min

Episode 66: Gary McGraw on Security

Episode 66: Gary McGraw on Security

This episode features an interview with the software security expert Gary McGraw. Gary explains why this topic is so important and gives several security deficiencies examples that he found in the pas...

24 Elo 200741min

Episode 65: Introduction to Embedded Systems

Episode 65: Introduction to Embedded Systems

This episode is an introduction to embedded system. It is an introduction in the sense that we cover many topics very briefly: upcoming episodes will provides details for many of these topics. We star...

14 Elo 200744min

Episode 64: Luke Hohmann on Architecture and Business

Episode 64: Luke Hohmann on Architecture and Business

In this episode we talk about the relationship between software architecture and the business. Based on his book, Beyond Software Architecture we discuss how things such as branding, licensing, updat...

4 Elo 200752min

Episode 63: A Pattern Language for Distributed Systems with Henney and Buschmann

Episode 63: A Pattern Language for Distributed Systems with Henney and Buschmann

In this Episode we talked about the new POSA 4 book which has recently been published. We talk to two of the authors, Kevlin Henney and Frank Buschmann (the third author, Doug Schmidt was not availabl...

25 Heinä 20071h 6min

Episode 62: Martin Odersky on Scala

Episode 62: Martin Odersky on Scala

In this Episode we talk about the Scala language with its creator Martin Odersky. Scala is a language that fuses object oriented and functional programming. Martin started out by providing a two-minut...

15 Heinä 200753min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
kesken
rss-niinku-asia-on
psykologia
rss-valo-minussa-2
rss-narsisti
rss-vapaudu-voimaasi
adhd-podi
rss-rahamania
rss-liian-kuuma-peruna
rss-laadukasta-ensihoitoa
rss-arkea-ja-aurinkoa-podcast-espanjasta
rss-hereilla
rahapuhetta
aamukahvilla
dreamtalk
ihminen-tavattavissa-tommy-hellsten-instituutti
rss-mentalrace