Episode 535: Dan Lorenc on Supply Chain Attacks
Software Engineering Radio - the podcast for professional software developers25 Okt 2022

Episode 535: Dan Lorenc on Supply Chain Attacks

Dan Lorenc, CEO of Chainguard, a software supply chain security company, joins SE Radio editor Robert Blumen to talk about software supply chain attacks. They start with a review of software supply chain basics; how outputs become inputs of someone else's supply chain; techniques for attacking the supply chain, including compromising the compilers, injecting code into installers, dependency confusion, and typo squatting. They also consider Ken Thompson's paper on injecting a backdoor into the C compiler. The episode then considers some well-known supply chain attacks: researcher Alex Birsan's dependency confusion attack; the log4shell attack on the Java Virtual Machine; the pervasiveness of compilers and interpreters where you don't expect them; the SolarWinds attack on a network security product; and CodeCov compromising the installer with code to insert exfiltration of environment variables into the installer. The conversation ends with some lessons learned, including how to protect your supply chain and the challenge of dependencies with modern languages.

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(726)

Episode 5: Model-Driven Software Development Pt. 1

Episode 5: Model-Driven Software Development Pt. 1

In this Episode, Eberhard and Markus provide an introduction to Model-Driven Software Development. Since the discussion turned out to be too long, we separated things into two episodes, thus Episode 6...

9 Feb 200633min

Episode 4: Scripting Languages

Episode 4: Scripting Languages

In this Episode, Alexander and Markus talk about scripting languages. Topics include the definition of what a scripting language is, typical usage scenarios, performance issues, programming styles and...

1 Feb 200637min

Episode 3: Interview Doug Schmidt

Episode 3: Interview Doug Schmidt

In this episode we talk with Doug Schmidt. Doug is a professor of computer science at Vanderbilt University and a well-respected authority in the fields of middleware, patterns and model-driven develo...

25 Jan 200658min

Episode 2: Dependencies

Episode 2: Dependencies

Eberhard and Markus discuss the important topic of associations and dependencies in this show. While OO languages provide direct support for subtyping, most don't provide a first-class construct for o...

24 Jan 200639min

Episode 1: Patterns

Episode 1: Patterns

In this episode Michael and Markus talk about patterns. Starting with some of their "most used" patterns, they go into some detail about the history of patterns. They then discuss the various pattern ...

22 Jan 200635min

Episode 0: About

Episode 0: About

This is the first episode (actually, episode zero) of software engineering radio. The episode does not contain real content, rather, Markus explains what the podcast is all about.

21 Jan 20065min

Populært innen Fakta

fastlegen
dine-penger-pengeradet
relasjonspodden-med-dora-thorhallsdottir-kjersti-idem
rss-bisarr-historie
foreldreradet
treningspodden
jakt-og-fiskepodden
rss-strid-de-norske-borgerkrigene
mikkels-paskenotter
rss-sunn-okonomi
sinnsyn
rss-kunsten-a-leve
dopet
hverdagspsyken
rss-kull
lederskap-nhhs-podkast-om-ledelse
fryktlos
hagespiren-podcast
gravid-uke-for-uke
rss-impressions-2