Software supply chain management: Lessons learned from SolarWinds. [CyberWire-X]

CyberWire Daily

N2K Networks, Inc.

News, Daily News, Tech News, Technology

4.8 • 1.1K Ratings

🗓️ 3 January 2023

⏱️ 44 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Between the emergence of sophisticated nation-state actors, the rise of ransomware-as-a-service, the increasing attack surface remote work presents, and much more, organizations today contend with more complex risk than ever. A “Secure-by-Design” approach can secure software environments, development processes and products. That approach includes increasing training for employees, adopting zero trust, leveraging Red Teams, and creating a unique triple-build software development process. SolarWinds calls its version of this process the "Next-Generation Build System," and offers it as a model for secure software development that will make supply chain attacks more difficult. On this episode of CyberWire-X, host Rick Howard, N2K’s CSO, and CyberWire’s Chief Analyst and Senior Fellow, discusses software supply chain lessons learned from the SolarWinds attack of 2020 with Hash Table members Rick Doten, the CISO for Healthcare Enterprises and Centene, Steve Winterfeld, Akamai's Advisory CISO, and Dawn Cappelli, Director of OT-CERT at Dragos, and in the second half of the show, Rick speaks with our episode sponsor, SolarWinds, CISO Tim Brown. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire X, a series of specials where we highlight important security topics
0:25.8	affecting security professionals worldwide.
0:28.4	I'm Rick Howard, the chief security officer of N2K and the chief analyst and senior fellow at the CyberWire.
0:35.4	In today's episode is called Software Supply Chain Management,
0:39.1	Lessons Learn from Solar Winds.
0:41.6	A program note, each CyberYX special features two segments.
0:45.9	In the first part we'll hear from an industry expert on the topic at hand, and in the second
0:50.1	part we'll hear from our show's sponsor for their point of view.
0:53.2	After a word from our sponsor, some of our regular subject matter experts will visit me at
0:57.6	the CyberWire's hash table to tell us how they think about software supply chain risk. I'm right back.
1:05.0	Here's a word from the leading IT management software company, Solar Wins.
1:16.2	For more than 20 years, Solar Wins has focused on providing simple, powerful, and secure
1:21.9	IT management software software built to accelerate your digital
1:25.6	transformation. Everything the company does is guided by being
1:29.4	secure by design. Secure by design is a new gold-plated initiative designed to set a new standard in
1:36.0	secure software development. With secure by design, SolarWind's internal
1:40.4	environments, software build processes, and ongoing life cycle management
1:45.1	all adhere to a multi-layer security framework.
1:48.5	The newest solution built using secure by design is Solar Winds Observability.
1:53.4	The company's first fully integrated SAS offering.
1:56.4	Solar Winds Observability uses powerful machine learning
1:59.5	and artificial intelligence to provide comprehensive visibility into today's modern distributed
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.