CYBRIC’s CTO and Co-founder Mike Kail Explores DevSecOps

CYBRIC CTO and Co-founder Mike Kail and I connected to discuss DevSecOps. First, Mike tells us what DevSecOps is and why we need it. We talk about the advantages and disadvantages (although we couldn’t really think of any compelling disadvantages) of changing the corporate culture of DevOps to include security. DevSecOps is really fixing the corporate mindset to include security in all facets of operations. It puts forth the radical notion that security is everyone’s responsibility. And, although I’m being a bit sarcastic with that previous comment, I do believe that, for some companies and some individuals, this notion of everyone owning security is radical.

It shouldn’t be. Security affects us all. It affects us to the tune of $16+ billion in losses due to credit card fraud and identity theft. And that number grows every year.

Listen to the podcast for more details on DevSecOps and how you can help change the culture at your company to make security a priority for everyone.

Podcast details:

Length: 16:52 mins. Format: MP3. Rating: G for all audiences and venues.

Copyright 2018 The SecurityNOW Podcast Show. License: CC BY.

 

Anaconda’s Mathew Lodge Sheds Light on Software Supply Chain Security

I spoke with Anaconda’s SVP of Products and Marketing, Mathew Lodge, about software supply chain security. We covered such topics as how to protect the software supply chain, CCleaner, and the deliberately corrupted Python libraries in the Python Package Index (PyPI), Python’s public package repository. Mathew is very knowledgeable about the software development lifecycle, the software supply chain weak spots, and where attackers can inject malicious code into those processes and procedures.

We invite you to listen in and get involved in the conversation because these vulnerabilities affect us all and the viability of our current and future software projects. Ubiquitous software libraries, such as those that the Python project provides to thousands of open source and proprietary applications, are a single, but not an isolated, example of what can happen.

Podcast details:

Length: 21:38 minutes. Format: MP3. Rating: G for all audiences and venues.

Copyright 2018 The SecurityNOW Podcast Show. License: CC BY.