Application Security Weekly (Video) artwork

Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Luis Villa - ASW #287

Application Security Weekly (Video)

English - June 04, 2024 14:07 - 42 minutes - 182 MB Video - ★★★★ - 5 ratings
Technology News Tech News devops applicationsecurityweekly appsec asw keithhoodlet paulasadoorian sdlcsecurity technology video Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Securing Shadow Apps & Protecting Data - Guy Guzner, Pranava Adduri - ASW Vault
Next Episode: Bots are Taking Over the Internet & Defining ASPM - Idan Plotnik, Erez Hasson - ASW #287

Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners has increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and trust.

Segment Resources:

https://www.cisa.gov/news-events/news/lessons-xz-utils-achieving-more-sustainable-open-source-ecosystem https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 https://www.cisa.gov/securebydesign/pledge https://tidelift.com/about/press-releases/tidelift-study-reveals-that-despite-increasing-demands-from-government-and-industry-60-of-maintainers-are-still-unpaid-volunteers https://blog.tidelift.com/paying-maintainers-the-howto

Show Notes: https://securityweekly.com/asw-287