Securing one’s software supply chain in an era of complex, interconnected systems

Cybersecurity

0

Brought to you by Azul

Today’s headlines on cybersecurity do not make for easy reading. Downloading an update from a trusted software vendor may inadvertently let in a cyber attacker, penetrating otherwise well protected digital infrastructure.

Using an insecure version of Java, which powers much of today’s modern servers and apps, could also make one vulnerable to new loopholes that are being discovered, as shown by last year’s Log4Shell vulnerability.

And patching those systems is a tough ask, especially when engineers do not know where to look amid all the software code in place. In today interconnected systems, where software dependencies are common and complex, the “good guys” need to draw on tools that give them better visibility of what they need to fix.

Hackers today work like businesses and want to “scale up” by attacking, say, a software library instead of an app to compromise more victims’ systems, said Erik Costlow, senior director for product management at Azul

Defending against cyber threats may be about updating one’s systems quickly to fix known vulnerabilities instead of setting up a complex defence against them, he added, in the first Techgoondu Video Q&A.