Below the Surface (Audio) - The Supply Chain Security Podcast Security Weekly Productions

Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-29

Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things".
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-28

In this episode, we disccuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadorian and Alan Alford. Specifically, we discuss:
The importance of understanding and complying with regulations affecting digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework. The podcast highlighted the impact of EU regulations, like CRA, GDPR, and DORA, on global businesses, underscoring the shared responsibility model in data security. Vendors' duties in open-source security and software vulnerability management were discussed, with a call for automation in software inventory and security, including the use of SBOMs. The conversation included strategies for effective supply chain risk management, advising regular updates, and understanding the interconnectedness of vulnerabilities. International compliance, particularly with EU data security laws, presents operational challenges and necessitates robust cybersecurity measures. Proactive vendor communication and automated processes are crucial for managing cybersecurity threats efficiently. Continuous risk assessment is preferred over periodic checks, with an emphasis on a nuanced approach to cybersecurity risk management.
(00:00) - Digital Supply Chain Governance Compliance
(14:08) - EU Regulations on Data Security
(21:38) - Responsibility of Vendors in Open Source
(27:49) - Supply Chain Risk Management Program Advice
(39:01) - Automating Software Inventory and Security
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more!
Show Notes: https://securityweekly.com/bts-27

Cheryl is super passionate about supply chain security and visibility. Tune in to our discussion on how we can collectively get better at reducing the attack surface and working to fix the wide variety of digital supply chain issues we have today.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-26

Paul and Allan will talk a little bit about Allan's background and current work at Eclypsium. Next, we'll cover some of the recent news and topics we've been discussing on our blog including Firewall and VPN appliance security struggles, Shim Shady, Glubteba and other malware targeting UEFI, and some thoughts on recent regulations affecting supply chains such as the EU CRA.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-25

Saša Zdjelar joins us on this episode to dive into how organizations can manage supply chain risk, including the current challenges we face and how best to deal with them.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Show Notes: https://securityweekly.com/bts-24