{"id":15787,"date":"2023-12-06T02:00:23","date_gmt":"2023-12-06T10:00:23","guid":{"rendered":"https:\/\/softwareengineeringdaily.com\/?p=15787"},"modified":"2023-12-04T06:45:48","modified_gmt":"2023-12-04T14:45:48","slug":"software-supply-chain-security-with-michael-lieberman","status":"publish","type":"post","link":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/","title":{"rendered":"Software Supply Chain Security with Michael Lieberman"},"content":{"rendered":"

\"\"<\/a><\/p>\n

\n

One of the most famous software exploits in recent years was the SolarWinds attack in 2020. In this attack, Russian hackers inserted malicious code into the SolarWinds Orion system, allowing them to infiltrate the systems of numerous corporations and government agencies, including the U.S. executive branch, military, and intelligence services.<\/p>\n

\n
<\/div>\n
\n

This was an example of a software supply chain attack, which exploits interdependencies within software ecosystems. Software supply chain security is a growing issue, and is particularly important for companies that rely on large numbers of open source dependencies.<\/p>\n

\n
<\/div>\n
\n

Michael Lieberman<\/a> is the Co-Founder and CTO of Kusari<\/a> and has an extensive background in software security from his time at Citi Bank, MUFG and Bridgewater. He\u2019s also active in the open source and security communities, including the Open Source Security Foundation and Cloud Native Computing Foundation. Michael joins the show today to talk about challenges and strategies in software supply chain security.<\/p>\n

\n
\n
<\/div>\n<\/div>\n
\"\"\"\"<\/a>Gregor Vand is a security-focused technologist, and is the founder and CTO of Mailpass. Previously, Gregor was a CTO across cybersecurity, cyber insurance and general software engineering companies. He has been based in Asia Pacific for almost a decade and can be found via his profile at vand.hk<\/a>.<\/span><\/div>\n

 <\/p>\n

\n
\n

Please click here for the transcript of this episode.<\/a><\/p>\n

Sponsorship inquiries:\u00a0sponsor@softwareengineeringdaily.com<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

One of the most famous software exploits in recent years was the SolarWinds attack in 2020. In this attack, Russian hackers inserted malicious code into the SolarWinds Orion system, allowing them to infiltrate the systems of numerous corporations and government agencies, including the U.S. executive branch, military, and intelligence services. This was an example of<\/p>\n","protected":false},"author":94,"featured_media":15789,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Software Supply Chain Security with Michael Lieberman @mlieberman85 @kusaridev","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1363,2143,5933,5755,14,1083],"tags":[1152,5886,5908,282,5885,5934],"class_list":["post-15787","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-all-episodes","category-exclusive-content","category-gregor-vand","category-hosts","category-podcast","category-security","tag-cloud-native-computing-foundation","tag-kusari","tag-michael-lieberman","tag-open-source","tag-software-supply-chain-security","tag-solarwinds-orion"],"jetpack_publicize_connections":[],"acf":[],"yoast_head":"\nSoftware Supply Chain Security with Michael Lieberman - Software Engineering Daily<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Software Supply Chain Security with Michael Lieberman - Software Engineering Daily\" \/>\n<meta property=\"og:description\" content=\"One of the most famous software exploits in recent years was the SolarWinds attack in 2020. In this attack, Russian hackers inserted malicious code into the SolarWinds Orion system, allowing them to infiltrate the systems of numerous corporations and government agencies, including the U.S. executive branch, military, and intelligence services. This was an example of\" \/>\n<meta property=\"og:url\" content=\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/\" \/>\n<meta property=\"og:site_name\" content=\"Software Engineering Daily\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-06T10:00:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-04T14:45:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2023\/11\/Kusari.png?fit=600%2C315&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"315\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"SEDaily\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@software_daily\" \/>\n<meta name=\"twitter:site\" content=\"@software_daily\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"SEDaily\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/\"},\"author\":{\"name\":\"SEDaily\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/f1a6631864960c74ef79dae73df8984c\"},\"headline\":\"Software Supply Chain Security with Michael Lieberman\",\"datePublished\":\"2023-12-06T10:00:23+00:00\",\"dateModified\":\"2023-12-04T14:45:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/\"},\"wordCount\":224,\"publisher\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2023\/11\/Kusari.png?fit=600%2C315&ssl=1\",\"keywords\":[\"Cloud Native Computing Foundation\",\"Kusari\",\"Michael Lieberman\",\"Open Source\",\"Software supply chain security\",\"SolarWinds Orion\"],\"articleSection\":[\"All Content\",\"Exclusive Content\",\"Gregor Vand\",\"Hosts\",\"Podcast\",\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/\",\"url\":\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/\",\"name\":\"Software Supply Chain Security with Michael Lieberman - Software Engineering Daily\",\"isPartOf\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2023\/11\/Kusari.png?fit=600%2C315&ssl=1\",\"datePublished\":\"2023-12-06T10:00:23+00:00\",\"dateModified\":\"2023-12-04T14:45:48+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#primaryimage\",\"url\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2023\/11\/Kusari.png?fit=600%2C315&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2023\/11\/Kusari.png?fit=600%2C315&ssl=1\",\"width\":600,\"height\":315},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/softwareengineeringdaily.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Software Supply Chain Security with Michael Lieberman\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#website\",\"url\":\"https:\/\/softwareengineeringdaily.com\/\",\"name\":\"Software Engineering Daily\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/softwareengineeringdaily.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#organization\",\"name\":\"Software Engineering Daily\",\"url\":\"https:\/\/softwareengineeringdaily.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/01\/cropped-sed_website_banner.png?fit=549%2C169&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/01\/cropped-sed_website_banner.png?fit=549%2C169&ssl=1\",\"width\":549,\"height\":169,\"caption\":\"Software Engineering Daily\"},\"image\":{\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/software_daily\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/f1a6631864960c74ef79dae73df8984c\",\"name\":\"SEDaily\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/96a9ce2f21db7050dc801bc0505cb90b?s=96&d=retro&r=pg\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/96a9ce2f21db7050dc801bc0505cb90b?s=96&d=retro&r=pg\",\"caption\":\"SEDaily\"},\"url\":\"https:\/\/softwareengineeringdaily.com\/author\/sed-production\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Software Supply Chain Security with Michael Lieberman - Software Engineering Daily","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/","og_locale":"en_US","og_type":"article","og_title":"Software Supply Chain Security with Michael Lieberman - Software Engineering Daily","og_description":"One of the most famous software exploits in recent years was the SolarWinds attack in 2020. In this attack, Russian hackers inserted malicious code into the SolarWinds Orion system, allowing them to infiltrate the systems of numerous corporations and government agencies, including the U.S. executive branch, military, and intelligence services. This was an example of","og_url":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/","og_site_name":"Software Engineering Daily","article_published_time":"2023-12-06T10:00:23+00:00","article_modified_time":"2023-12-04T14:45:48+00:00","og_image":[{"width":600,"height":315,"url":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2023\/11\/Kusari.png?fit=600%2C315&ssl=1","type":"image\/png"}],"author":"SEDaily","twitter_card":"summary_large_image","twitter_creator":"@software_daily","twitter_site":"@software_daily","twitter_misc":{"Written by":"SEDaily","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#article","isPartOf":{"@id":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/"},"author":{"name":"SEDaily","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/f1a6631864960c74ef79dae73df8984c"},"headline":"Software Supply Chain Security with Michael Lieberman","datePublished":"2023-12-06T10:00:23+00:00","dateModified":"2023-12-04T14:45:48+00:00","mainEntityOfPage":{"@id":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/"},"wordCount":224,"publisher":{"@id":"https:\/\/softwareengineeringdaily.com\/#organization"},"image":{"@id":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2023\/11\/Kusari.png?fit=600%2C315&ssl=1","keywords":["Cloud Native Computing Foundation","Kusari","Michael Lieberman","Open Source","Software supply chain security","SolarWinds Orion"],"articleSection":["All Content","Exclusive Content","Gregor Vand","Hosts","Podcast","Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/","url":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/","name":"Software Supply Chain Security with Michael Lieberman - Software Engineering Daily","isPartOf":{"@id":"https:\/\/softwareengineeringdaily.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#primaryimage"},"image":{"@id":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2023\/11\/Kusari.png?fit=600%2C315&ssl=1","datePublished":"2023-12-06T10:00:23+00:00","dateModified":"2023-12-04T14:45:48+00:00","breadcrumb":{"@id":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#primaryimage","url":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2023\/11\/Kusari.png?fit=600%2C315&ssl=1","contentUrl":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2023\/11\/Kusari.png?fit=600%2C315&ssl=1","width":600,"height":315},{"@type":"BreadcrumbList","@id":"https:\/\/softwareengineeringdaily.com\/2023\/12\/06\/software-supply-chain-security-with-michael-lieberman\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/softwareengineeringdaily.com\/"},{"@type":"ListItem","position":2,"name":"Software Supply Chain Security with Michael Lieberman"}]},{"@type":"WebSite","@id":"https:\/\/softwareengineeringdaily.com\/#website","url":"https:\/\/softwareengineeringdaily.com\/","name":"Software Engineering Daily","description":"","publisher":{"@id":"https:\/\/softwareengineeringdaily.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/softwareengineeringdaily.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/softwareengineeringdaily.com\/#organization","name":"Software Engineering Daily","url":"https:\/\/softwareengineeringdaily.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/01\/cropped-sed_website_banner.png?fit=549%2C169&ssl=1","contentUrl":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2024\/01\/cropped-sed_website_banner.png?fit=549%2C169&ssl=1","width":549,"height":169,"caption":"Software Engineering Daily"},"image":{"@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/software_daily"]},{"@type":"Person","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/f1a6631864960c74ef79dae73df8984c","name":"SEDaily","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/softwareengineeringdaily.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/96a9ce2f21db7050dc801bc0505cb90b?s=96&d=retro&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/96a9ce2f21db7050dc801bc0505cb90b?s=96&d=retro&r=pg","caption":"SEDaily"},"url":"https:\/\/softwareengineeringdaily.com\/author\/sed-production\/"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/i0.wp.com\/softwareengineeringdaily.com\/wp-content\/uploads\/2023\/11\/Kusari.png?fit=600%2C315&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p7GuoD-46D","_links":{"self":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/posts\/15787"}],"collection":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/comments?post=15787"}],"version-history":[{"count":0,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/posts\/15787\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/media\/15789"}],"wp:attachment":[{"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/media?parent=15787"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/categories?post=15787"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/softwareengineeringdaily.com\/wp-json\/wp\/v2\/tags?post=15787"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}