8min chapter

Software Engineering Radio - the podcast for professional software developers cover image

SE Radio 606: Charlie Jones on Third-Party Software Supply Chain Risks

Software Engineering Radio - the podcast for professional software developers

CHAPTER

Securing Software in the Supply Chain: Lessons Learned and Best Practices

The chapter presents a case study on a supply chain attack at software publisher 3CX due to unauthorized software, emphasizing the need for rigorous testing and security measures. It explores the risks of cascading attackers compromising widespread software, discusses the NIST secure software development framework, and advocates for a shift from vulnerability detection to identifying malicious components. The challenges of patching, including the log4j incident, are examined, highlighting the need for comprehensive security protocols beyond celebrity vulnerabilities.

00:00

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode