In the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on.  The recent compromise of the CCleaner security scanning tool and MEDocs financial software raised concerns about the risk posed by vulnerable software supply chains. But companies face other, serious supply chain risks in the form of third-party service providers like law firms and technology service companies. Such firms often have carte blanche access to their […]

The post Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside appeared first on The Security Ledger with Paul F. Roberts.