27 episodes

A lively discussion of the threats affecting supply chain, specifically focused on firmware and low-level code that is a blind spot for many organizations. This podcast will feature guests from the cybersecurity industry discussing the problems surrounding supply chain-related issues and potential solutions.

Below the Surface (Video) - The Supply Chain Security Podcast Security Weekly Productions

    • Technology

    • video
    Governance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27

    Governance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27

    In this episode, we discuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadoorian and Allan Alford. Specifically, we discuss:
    The importance of understanding and complying with regulations affecting digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework. The podcast highlighted the impact of EU regulations, like CRA, GDPR, and DORA, on global businesses, underscoring the shared responsibility model in data security. Vendors' duties in open-source security and software vulnerability management were discussed, with a call for automation in software inventory and security, including the use of SBOMs. The conversation included strategies for effective supply chain risk management, advising regular updates, and understanding the interconnectedness of vulnerabilities. International compliance, particularly with EU data security laws, presents operational challenges and necessitates robust cybersecurity measures. Proactive vendor communication and automated processes are crucial for managing cybersecurity threats efficiently. Continuous risk assessment is preferred over periodic checks, with an emphasis on a nuanced approach to cybersecurity risk management.
    (00:00) - Digital Supply Chain Governance Compliance
    (14:08) - EU Regulations on Data Security
    (21:38) - Responsibility of Vendors in Open Source
    (27:49) - Supply Chain Risk Management Program Advice
    (39:01) - Automating Software Inventory and Security
    This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more!
    Show Notes: https://securityweekly.com/bts-27

    • 50 min
    • video
    What We Don’t Know Will Hurt Us - Cheryl Biswas - BTS #26

    What We Don’t Know Will Hurt Us - Cheryl Biswas - BTS #26

    Cheryl is super passionate about supply chain security and visibility. Tune in to our discussion on how we can collectively get better at reducing the attack surface and working to fix the wide variety of digital supply chain issues we have today.
    This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
    Show Notes: https://securityweekly.com/bts-26

    • 53 min
    • video
    Supply Chain Threats and Regulations - BTS #25

    Supply Chain Threats and Regulations - BTS #25

    Paul and Allan will talk a little bit about Allan's background and current work at Eclypsium. Next, we'll cover some of the recent news and topics we've been discussing on our blog, including firewall and VPN appliance security struggles, Shim Shady, Glupteba and other malware targeting UEFI, and some thoughts on recent regulations affecting supply chains such as the EU CRA.
    This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
    Show Notes: https://securityweekly.com/bts-25

    • 45 min
    • video
    Managing Supply Chain Risk - Saša Zdjelar - BTS #24

    Managing Supply Chain Risk - Saša Zdjelar - BTS #24

    Saša Zdjelar joins us on this episode to dive into how organizations can manage supply chain risk, including the current challenges we face and how best to deal with them.
    This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
    Show Notes: https://securityweekly.com/bts-24

    • 47 min
    • video
    Closing The Supply Chain Visibility Gap - Dr. Olga Livingston - BTS #23

    Closing The Supply Chain Visibility Gap - Dr. Olga Livingston - BTS #23

    Short of ripping everything apart (hardware and software) and inspecting the components, which is very time-consuming, how do we solve the visibility gap in various supply chains? Dr. Olga Livingston from CISA joins us to discuss!
    This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
    Show Notes: https://securityweekly.com/bts-23

    • 58 min
    • video
    SBOMs and Supply Chains - Allan Friedman - BTS #22

    SBOMs and Supply Chains - Allan Friedman - BTS #22

    We sit down with the father of the SBOM, Allan Friedman, to discuss examples of where we really need SBOMs, how to operationalize SBOMs, and how to identify and deal with bad things that may be in your SBOM! CISA's resources on SBOM are at cisa.gov/SBOM, and anyone can find out more or ask for a meeting at SBOM@cisa.dhs.gov.
    This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
    Show Notes: https://securityweekly.com/bts-22

    • 1 hr
