Episode 535: Dan Lorenc on Supply Chain Attacks

Dan Lorenc, CEO of Chainguard, a software supply chain security company, joins SE Radio editor Robert Blumen to talk about software supply chain attacks. They start with a review of software supply chain basics: how one project's outputs become the inputs of someone else's supply chain, and techniques for attacking the supply chain, including compromising compilers, injecting code into installers, dependency confusion, and typosquatting. They also consider Ken Thompson's paper on injecting a backdoor into the C compiler. The episode then considers some well-known supply chain attacks: researcher Alex Birsan's dependency confusion attack; the Log4Shell attack on the Java Virtual Machine; the pervasiveness of compilers and interpreters in places where you don't expect them; the SolarWinds attack on a network security product; and the Codecov attack, in which the installer was modified to exfiltrate environment variables. The conversation ends with some lessons learned, including how to protect your supply chain and the challenge of managing dependencies with modern languages.

This episode is taken from an open RSS feed and is not published by Podme. It may contain advertising.

Episodes (726)

SE Radio 673: Abhinav Kimothi on Retrieval-Augmented Generation

In this episode of Software Engineering Radio, Abhinav Kimothi sits down with host Priyanka Raghavan to explore retrieval-augmented generation (RAG), drawing insights from Abhinav's book, A Simple Gui...

18 June 2025, 55 min

SE Radio 672: Luca Palmieri on Rust In Production

Luca Palmieri, author of Zero to Production in Rust and Principal Engineering Consultant at MainMatter, speaks with SE Radio host Gavin Henry about Rust in production. They discuss what production Rus...

12 June 2025, 57 min

SE Radio 671: Carson Gross on HTMX

In this episode, SE Radio host Sriram Panyam explores HTMX with its creator, Carson Gross, who is also creator of Hyperscript, the mind behind the Grug Brained Developer, a professor of software engin...

4 June 2025, 1 h 15 min

SE Radio 670: Matthias Endler on Prototype in Rust

Matthias Endler, Rust developer, open-source maintainer, and consultant through his company Corrode, speaks with SE Radio host Gavin Henry about prototyping in Rust. They discuss prototyping and why R...

29 May 2025, 1 h 1 min

SE Radio 669: Will McGugan on Text-Based User Interfaces

Will McGugan, the CEO and founder of Textualize, speaks with host Gregory M. Kapfhammer about how to use packages such as Rich and Textual to build text-based user interfaces (TUIs) and command-line i...

20 May 2025, 51 min

SE Radio 668: Steve Summers on Securing Test and Measurement Equipment

Steve Summers speaks with SE Radio host Sam Taggart about securing test and measurement equipment. They start by differentiating between IT and OT (Operational Technology) and then discuss the threat ...

13 May 2025, 54 min

SE Radio 667: Ashley Peacock on Cloudflare

Ashley Peacock, the author of Serverless Apps on Cloudflare, speaks with host Jeremy Jung about content delivery networks (CDNs). Along the way, they examine dependency injection with bindings, local ...

7 May 2025, 1 h 4 min

SE Radio 666: Eran Yahav on the Tabnine AI Coding Assistant

Eran Yahav, Professor of Computer Science at Technion, Israel, and CTO of Tabnine, speaks with host Gregory M. Kapfhammer about the Tabnine AI coding assistant. They discuss how the design and impleme...

29 Apr 2025, 1 h 2 min
