CAE Lecture Series: Software Supply Chain Threats & NSA Software Reverse Engineering
Friday, September 20 2024 at 2:00 PM EDT to
Friday, September 20 2024 at 4:00 PM EDT
Online
Online Location Instructions
Description
Mark your calendars and come join your colleagues in the CAE community for the CAE Lecture Series. CAE Lecture Series are free and conducted live in real-time over MS Teams so no travel is required. NSA’s CAE PMO office hosts the presentations via MS Teams which employs slides, VOIP, and chat for live interaction. Just click on the link and enjoy the presentation(s).
Aditya Sirish, New York University, Software Supply Chain Security (2pm EST)
The software supply chain encompasses the systems, infrastructure, and people which produce a software artifact. In recent years, the software supply chain has increasingly become a target for attackers. For example, in 2020, it was discovered that the Orion software produced by SolarWinds and used by numerous US government agencies was backdoored by attackers who had compromised the company’s software build infrastructure. Since then, software supply chain security has seen increased focus from academia, industry, and open source communities alike.
This talk will present an overview of the software supply chain and the threats it faces, backed by previously seen attacks. Following that, the talk will discuss community efforts at organizations like the Linux Foundation and OWASP as well as work being done in academia to improve visibility and better secure software development processes. Finally, the talk will present related open source projects like intoto, The Update Framework, Sigstore, gittuf, and GUAC.
Damon S. NSA, Technical Director for Computer Network Operations, The Software Reverse Engineering Skillset (3pm EST)
Seasoned software reverse engineers at the National Security Agency draw from a wide and esoteric set of skills to support NSA’s cybersecurity and foreign intelligence missions. Bringing new reverse engineers up to speed can take months or years. This talk considers the skills and competencies an aspiring reverse engineer might focus on to improve their readiness for a career in cybersecurity and the intelligence community.
MS Teams Information:
Meeting ID: 285 904 682 213 Passcode: PoPUNJ
Dial in by phone
+1 872-239-6004,,107950166# United States, Chicago Find a local number
Phone conference ID: 107 950 166#
Note: This Lecture series cannot be recorded/posted online, we encourage you and your students to attend live.