I spoke with Anaconda’s SVP of Products and Marketing, Mathew Lodge, about software supply chain security. We covered topics such as how to protect the software supply chain, CCleaner, and the deliberately corrupted Python libraries in the Python Package Index (PyPI), Python’s public package repository. Mathew is very knowledgeable about the software development lifecycle, the software supply chain’s weak spots, and where attackers can inject malicious code into those processes and procedures.
We invite you to listen in and get involved in the conversation, because these vulnerabilities affect us all and the viability of our current and future software projects. Ubiquitous software libraries, such as those that the Python project provides to thousands of open source and proprietary applications, are a single, but not an isolated, example of what can happen.
Length: 21:38 minutes. Format: MP3. Rating: G for all audiences and venues.
Copyright 2018 The SecurityNOW Podcast Show. License: CC BY.