supply chain

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

In this episode of the podcast (#167): two stories this week, one from Pittsburgh and one from New York, have highlighted anxiety about Chinese-made cameras and other security gear deployed in U.S. government agencies and in cities and towns. We’re joined by Terry Dunlap, the co-founder of ReFirm Labs, to talk about why software supply chain risks are real and growing.

From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military

A complaint unsealed by the Department of Justice on Thursday alleges a New York firm engineered a years-long scheme to deceive the U.S. government: selling Chinese-manufactured cameras and other gear to the U.S. Military, the Department of Energy and other government agencies that it claimed were “Made in the U.S.A”.

Podcast Episode 142: On Supply Chains Diamond-based Identities are forever

In this week’s episode, #142, we continue our series on Life after Passwords: the Future of Online Identity as we are joined by Ophir Gaathon, the CEO of the firm Dust Identity.

Spotlight Podcast: Fixing Supply Chain Hacks with Strong Device Identities

Supply chain hacks like ME Docs and ASUS aren’t inevitable. In this Spotlight Podcast, sponsored by Trusted Computing Group, I speak with Dennis Mattoon, a Principal Researcher at Microsoft Research and the Chairman of the Trusted Computing Group’s DICE Architectures Working Group, about how strong device identities for IoT endpoints can stop supply chain compromises.

Asus ShadowHammer suggests Supply Chain Hacks are the New Normal

The compromise of device maker Asus’s Live Update Utility is just the latest evidence that sophisticated attackers have software supply chains in the crosshairs.