As has long been the tradition at the annual RSA Conference, the final panel event is the Top 5 Most Dangerous New Attack Techniques session, and the virtual 2021 edition of the conference was no exception.
Ed Skoudis, fellow and director at SANS Institute, identified undermining software integrity as one of the biggest attack vectors that he is seeing today. Software integrity includes supply chain security for all the embedded libraries and components that make up a modern application.
"Our software development and distribution processes today are focused on speed, getting new code and features out faster," Skoudis said. "They're not focused on trust and cybersecurity, and this is a pretty profound problem."
According to Skoudis, there is no single solution to the problem of software integrity and software supply chain management. The first thing that needs to happen is organizations need to know what software they have in their environments so that they can defend it. The next step is to have a software bill of materials, which essentially identifies all the components that make up a given set of software applications. Skoudis also recommends that organizations integrate threat-hunting activities into their workflows as well to help actively look for potential risks.
No tags.
