The person or people that implanted malicious code into XZ Utils put time and effort into building trust in the open source software ecosystem.
The Cyber Safety Review Board cited a string of internal failures in Microsoft's security culture as contributing factors for the 2023 compromise of more than 20 customers' cloud email inboxes by a Chinese threat group.
Dan Lorenc, co-founder and CEO of Chainguard, joins Dennis Fisher to dig into the recent XZ Utils backdoor incident, the implications for the open source ecosystem, and what can be done to avoid similar incidents in the future. Then they discuss the problems facing NIST's National Vulnerability Database and the CVE ecosystem.
Rick Gordon of Tidal Cyber joins Dennis Fisher to discuss his path from the US Naval Academy to submarine officer to Wall Street and finally to the cybersecurity industry, where he's worked for the last 25 years. Dennis and Rick also talk about the importance of the community aspect of cybersecurity and why it's vital to the collective defense.
CISA has laid out the proposed details of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).