Securing the DevOps Pipeline - You Can Do It the Way Intel Does! - with Darren Pulsipher
In this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and the Vidovich brothers Nick and Sam hack the headlines – they discuss the latest news in security and offer their perspectives. Eric also interviews guest Darren Pulsipher, Chief Solutions Architect at Intel Corporation, about supply chain security at Intel.
Hacking the Headlines:
Researchers warn of the huge risks involved in the rapid deployment of AI in agriculture, noting that cyberattacks on high-tech farm equipment could threaten the global food supply chain.
Netgear recently issued a security advisory outlining vulnerabilities in two popular router models. According to Netgear, they are unfixable. Is this a responsible disclosure, or does it just raise more questions/concerns than it addresses?
A malicious Python package that performs supply chain attacks was spotted in the PyPI registry. It was downloaded 325 times before being removed. Is this more serious than funny, or more funny than serious?
Interview with Darren Pulsipher:
Darren has been working on security solutions with Intel for 12 years. He’s seen from the inside how to build robust security into the software development and supply chain processes. In addition to his day job, he hosts his own tech podcast and is part of a standards body working to articulate how organizations should use the Software Bill of Materials (SBOM) to secure software and meet regulatory requirements.
Eric and Darren discuss:
Intel’s process for analyzing third-party software and scanning for vulnerabilities
Securing the DevOps pipeline
Balancing value and risk in using open-source software
Potential impacts of Executive Order 14028 on improving the nation’s cybersecurity
Find Darren on LinkedIn: https://www.linkedin.com/in/darrenpulsipher/
Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.
If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.
To learn more about building a robust product security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/.