The RSA Conference brings some of the brightest minds in information security together in one place. We wrote about some of the interesting and must-see talks at this year’s show. We also had the opportunity to sit down with some RSA speakers to hear first hand about their research and insights. We’re highlighting those conversations in three new episodes of our ConversingLabs podcast series that we’re releasing now (thereby allowing you to “binge” Netflix-style on ConversingLabs.)

Here are the ConversingLabs Café-edition episodes from this year’s RSA Conference: 

Episode 6: Robert Martin of MITRE on Supply Chain System of Trust

Robert Martin is a Senior Principal Engineer at MITRE and an expert on supply chain security. He’s also one of the principal creators of MITRE’s supply chain System of Trust (sot.mitre.org), which provides a framework for supply chain security risk assessments that is customizable, evidence-based, scalable and repeatable. Once implemented, the SoT will give organizations within the supply chain confidence in each other as well as different service offerings and supplies.

In this conversation, Robert and I talk about COVID has highlighted supply chain risks – whether its availability, counterfeit products or – of course – cyber risk, he said. But solving supply chain problems is not simply a job for the IT group, he tells me. Instead, it is something that needs to be driven from the very top echelons of an organization. That’s where the System of Trust comes in. It promotes transparency within organizations, allowing both leaders and developers to see all of the players in the supply chain and identify areas of risk. 

 

Episode 7: Steve Lipner of SAFECODE on Supply Chain Security – Is It Even Possible?

When it comes to secure software development, Steve Lipner is one of those information security industry leaders who was there at the creation, so to speak. Lipner, the current Executive Director of the non-profit SafeCode, served as the Director of the Microsoft Security Response Center (MSRC) and from 2004 to 2013 – a critical period that saw Microsoft launch the now renowned Security Development Lifecycle (SDL) initiative, which Lipner oversaw. 

As part of SafeCode, Lipner works to promote secure development principles more widely in industry. SafeCode provides free resources on secure software development as well as advice and recommendations for development organizations in the form of white papers, blog posts, social media posts, and more.

In this conversation from the sidelines at RSA, Steve recounts his own experiences on Microsoft’s Software Security Development Lifecycle Team as the point of the spear in Microsoft’s Trustworthy Computing Initiative. Lipner stresses that to move towards secure software must come from within (so to speak), rather than relying on outsiders (consultants and the like.) He also talks about the Biden Administration’s Executive Order (EO) on Improving the Nation’s Cybersecurity and the impact the EO is having (though it is still a work in progress, he admits).

Check out our full conversation! 

Enjoy. And remember to check out the rest of our ConversingLabs series on our webpage! 

*** This is a Security Bloggers Network syndicated blog from ReversingLabs Blog authored by Paul Roberts. Read the original post at: https://blog.reversinglabs.com/blog/rsa-spotlights-supply-chain-critical-infrastructure-cyber-risk