Exploring vulnerabilities of off-the-shelf software. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Technology, Daily News, News, Tech News

4.8 • 1.1K Ratings

🗓️ 21 August 2021

⏱️ 15 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Guest Tomislav Peričin, Reversing Labs' Chief Software Architect and Co-Founder, joins Dave to discuss his team's research that addresses the importance of validating third-party software components as a way to manage the risks that they can introduce. Developing software solutions is a complex task requiring a lot of time and resources. In order to accelerate time to market and reduce the cost, software developers create smaller pieces of functional code which can be reused across many projects. The concept of code reuse is one of the cornerstones of modern software engineering and it is universally accepted that everybody should strive towards it. However, in addition to the positives, organizations need to be aware of the security risks introduced by such third-party components. The growing number of cyber incidents that target the software supply chain are focused on high-value target compromises. With the latest surge and public uproar, the US President Biden has issued the Executive Order on Improving the Nation’s Cybersecurity in order to create an institutional framework addressing these kinds of security risks. The research can be found here: Third-party code comes with some baggage Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	Today's episode is sponsored by SRM, your first call for cybersecurity and
0:18.1	investigations. Threats today are evolving faster than ever before and since 2005 SRM has pioneered
0:25.3	tailored security solutions for global corporations and their executives.
0:29.5	Whether it's defending against cyber attacks with their award-winning team of ethical hackers and incident response specialists,
0:36.4	or navigating the murky waters of compliance and ESG challenges,
0:40.9	SRMs, Insight and Straight straightforward advice will help you navigate complex risks
0:46.4	and emerge more resilient.
0:48.4	Their secret, a culture that nurtures the sharpest minds, giving them access to the newest technologies and the freedom
0:55.3	to solve problems in new ways, enabling them to craft simple effective solutions for your
1:01.4	unique cyber challenges.
1:03.7	Search your first call to discover how SRM can help your business. Hello everyone and welcome to the CyberWire's Research Saturday.
1:27.0	I'm Dave Bitner and this is our weekly conversation with researchers and analysts tracking
1:31.7	down threats and vulnerabilities, solving some of the hard problems of protecting
1:36.1	ourselves in a rapidly evolving cyberspace.
1:39.4	Thanks for joining us.
1:55.0	And the question was, how many of these outdated dependencies which might be vulnerable to some serious CVs are out there. That's Thomas Love Parachin from Reversing Labs, where he's chief software architect and
2:00.3	co-founder.
2:01.5	The research we're discussing today is titled
2:03.6	Third Party Code comes with some baggage.
2:07.0	Want to have your voice heard?
2:15.0	Listeners, what are you most proud of this week?
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.