In this episode

• Chris Wysopal - who is that masked man?
• Putting some reality to the state-sponsored backdoors (Huawei) and supply-chain compromise
• The risks coming through the door with the products you buy
• The case for setting up an independent testing lab for mitigating 'backdoor' accusations
• Chris does an interesting assessment on software security practices in the enterprise
• Chris discusses holding your vendor to the same standards you hold yourself
• What does it mean that enterprises are doing a "good job" in SwSec
• Chris goes there, open-source components as part of supply chain risk
• James asks "How do smaller buyers leverage scale to hold their suppliers accountable?"
• Why do we still see SQL Injection?! Are we ever going to get rid of it?

Guest

• Chris Wysopal ( @Weldpond ) - Chris is the Founder, CTO and CISO of VeraCode, a company dedicated to software security as-a-service. Chris has a long and storied history in the security industry dating back to L0pht Heavy Industries. His bio and profile can be found on LinkedIn.

Have something to say? Let's hear it.

Support the show

>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast