Register
Promote YOUR BRAND

MYSEC.TV

Home   /   RESOURCES   /   MYSEC.TV   / Software Supply Chain Risks

Software Supply Chain Risks

Tech & Sec Weekly
SHARE:

IN THIS VIDEO

Jane Lo, Singapore Correspondent speaks with Yakir Kadkoda, Security Researcher and Ilay Goldman, Security Researcher with Aqua Security

Yakir Kadkoda combines his expertise in vulnerability research with a focus on discovering and analyzing new security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Prior to joining Aqua, Yakir worked as a red teamer.

Ilay Goldman specializes in discovering and analyzing novel security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Additionally, Ilay conducts research on open-source security and vulnerabilities. Prior to joining Aqua, he worked as a red teamer.

In this interview at Black Hat Asia, Yakir and Ilay explain the complexity of a modern software supply chain, and the dependency of a typical software development cycle on open-source code, and the wide array of tools and platforms.

They note that in this supply chain ecosystem, there are many vulnerable tools and platforms trusted by majority of developers. To highlight some examples of these vulnerabilities, Yakir and Ilay divide the development flow of many organizations into different phases – Integrated Development Environments (IDEs), Source Code Managers (SCMs), Continuous Integration/ Development (CI/CD), Package management and more.

They point out, for instance, the potential of malicious IDE extensions that may be inadvertently trusted by developers, or how threat attackers could compromise accesses to package manager platforms to impersonate malicious packages.

They also share how they found tens of thousands of tokens of open source projects that have been leaked by CI/CD platforms, which could be exploited for lateral movement.

Wrapping up, they advise that software developers practice security-by-design – that whilst “security takes time”, fixing the problem later may incur even more costs and time.

Recorded 11th May 2023, 11am, Black Hat Asia 2023, Singapore Marina Bay Sands

#BHasia #mysecuritytv #supplychain #cybersecurity

OTHER VIDEOS IN THIS SERIES

sp1
Meet Australia's first Astronaut under the national flag
July 26, 2024
We speak with Katherine Bennell-Pegg, Australian Astronaut, Australian Space Agency in Adelaide for The Andy Thomas Space Foundation’s Australian Space Forum. Watch Now
space1107
CubeSatPlus 2024 - NEW SPACE - Unbounded Skies
July 11, 2024
The Australian Centre for Space Engineering Research (ACSER) held the CubeSatPlus2024 Innovation and Development Workshop at UNSW Sydney’s Kensington Campus on 9 – 10 July. Watch Now
tv1
Technology Leadership in the AI era
July 8, 2024
Prior to Joining Seaco as CIO, Damian held the position of Chief Technology Officer for Workday Asia Pacific and Japan. Watch Now
space0724
Hybrid Threats and Grey Zone Operations in Space
July 3, 2024
We speak with Professor Melissa de Zwart, Professor Space Law and Governance, Andy Thomas Centre for Space Resources, Deputy Director, ARC Centre of Excellence in Plants 4 Space, University of Adelaide. Watch Now

MySecurity MarketPlace, powered by MySecurity Media is a dedicated marketplace connecting industry and enterprise professionals to the latest events, education, technology and media platforms across a global domain.

LATEST EVENT LISTED

Australian-Security-Industry-Awards-2024-1
Australian Security Industry Awards 2024
Sunshine Coast Webinar 3 Promo_700x480
Testing Tech in Paradise: Closing Series Webinar
Security and Risk professional Series - Episode 4
Security & Risk Professional Insight Series: Operational Technology (OT) Cybersecurity

CONNECT WITH US

X-twitter Facebook-f Linkedin-in Instagram Youtube Podcast Google-play Apple

CONTACT US

© My Security Media. All Right Reserved 2019.

Privacy Policy | Terms & Conditions | Competition T&Cs