
Assess the Security of Code in All Supply Chain Components

Alex Bazhaniuk of Eclypsium on Strategies for Strengthening Supply Chain Security
Alex Bazhaniuk, CTO and co-founder, Eclypsium

Every enterprise uses different pieces of infrastructure that run at the application level. Any attacks at that level will compromise the integrity of enterprise systems. And the attacks could come via any vendor or supplier in the supply chain.


Alluding to the SolarWinds attack, Alex Bazhaniuk, CTO and co-founder, Eclypsium, said supply chain security at the infrastructure level is extremely important. "A compromise of any backdoor could compromise all infrastructure in the world. A typical laptop has components from hundreds of vendors in the supply chain, and even the smallest vendor presents a risk to that endpoint," he said.

For instance, a component vendor could produce code for a network card, and that code could potentially have an unpatched vulnerability.

"Every organization, regardless of size, a third-party or fourth-party vendor is important [to secure] the final product," Bazhaniuk said. "So it is important to assess the code running on every technology component."

In this video interview with Information Security Media Group at RSA Conference 2024, Bazhaniuk also discussed:

  • Supply chain security at an infrastructure level;
  • Approaches to building security across the supply chain;
  • How artificial intelligence/machine learning and large language models are automating security.

Bazhaniuk has expertise in hardware, firmware and supply chain security and extensive experience in research and product development. Over the course of his 15-year career, he has spearheaded innovation within teams at organizations such as Eclypsium, Intel and McAfee.


About the Author

Rahul Neel Mani


Founding Director of Grey Head Media and Vice President of Community Engagement and Editorial, ISMG

Neel Mani is responsible for building and nurturing communities in both technology and security domains for various ISMG brands. He has more than 25 years of experience in B2B technology and telecom journalism and has worked in various leadership editorial roles in the past, including incubating and successfully running Grey Head Media for 11 years. Prior to starting Grey Head Media, he worked with 9.9 Media, IDG India and Indian Express.



