The Cyber Safety Review Board cited a string of internal failures in Microsoft's security culture as contributing factors for the 2023 compromise of more than 20 customers' cloud email inboxes by a Chinese threat group.
Dan Lorenc, co-founder and CEO of Chainguard, joins Dennis Fisher to dig into the recent XZ Utils backdoor incident, the implications for the open source ecosystem, and what can be done to avoid similar incidents in the future. Then they discuss the problems facing NIST's National Vulnerability Database and the CVE ecosystem.
The person or people that implanted malicious code into XZ Utils put time and effort into building trust in the open source software ecosystem.
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
CISA has laid out the proposed details of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).