In this episode of the Security Ledger Podcast, Paul speaks with Jill Moné-Corallo, the Director of Product Security Engineering Response at GitHub. Jill talks about her journey from a college stint working at Apple’s Genius Bar, to the information security space – first in product security at Apple and now at GitHub, a massive development platform that is increasingly in the crosshairs of sophisticated cyber criminals and nation-state actors.
Innovation in the cybersecurity industry often starts with the bad guys. Hard as it is to admit, information security firms are often playing catch-up with cyber criminals and nation-state actors: adjusting their tools and methods to respond to changes in attacks and compromises.
We’re seeing that dynamic play out these days in the increasing attention and urgency around attacks on software supply chains, as malicious actors have realized that they can bypass network defenses by insinuating themselves into the software and services that target organizations rely on.
Growing threats to open source platforms
Attacks on open source projects and platforms are part of that trend. Malicious actors are increasingly targeting development platforms — planting malicious modules on platforms like GitHub, NPM and PyPI that imitate popular packages and then waiting for unsuspecting developers to download and integrate the malicious code into legitimate applications. Recent months have seen large-scale attacks involving scores or even hundreds of malicious modules designed to steal data or provide remote access to environments on which
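The look-alike package pattern described above is something a defender can screen for before a dependency is ever installed. The following is an added example, not code from the podcast, from GitHub, or from any registry: it parses a requirements-style manifest and flags names that are within a small edit distance of, but not identical to, a known-good package name. The `POPULAR_PACKAGES` allowlist and `SAMPLE_MANIFEST` are constructed sample data; in practice the allowlist would come from a curated internal list or registry download statistics.

```python
"""Flag dependency names that closely imitate well-known package names.

Added illustration of look-alike (typosquat) detection. The allowlist and
the manifest below are constructed sample data, not real registry state.
"""
import re

# Constructed allowlist of well-known package names (assumption: a real
# deployment would load this from a curated list or download counts).
POPULAR_PACKAGES = {
    "requests", "numpy", "pandas", "flask", "django", "cryptography",
    "urllib3", "boto3", "pyyaml", "setuptools",
}

# Constructed requirements.txt-style manifest with two suspicious entries.
SAMPLE_MANIFEST = """\
requests==2.31.0
numpy>=1.26
reqeusts==1.0.0
pandsa
flask==3.0.0
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling single-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """PEP 503-style normalization: case-fold and collapse runs of -, _, ."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_manifest(text: str) -> list:
    """Extract bare package names from requirements-style lines."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m:
            names.append(m.group(1))
    return names


def find_lookalikes(names, popular=POPULAR_PACKAGES, max_distance=2):
    """Return (dependency, popular_name, distance) for every dependency whose
    normalized name is close to, but not equal to, a popular package name."""
    hits = []
    normalized_popular = {normalize(p): p for p in popular}
    for name in names:
        n = normalize(name)
        if n in normalized_popular:
            continue  # exact match: this is the legitimate package itself
        for norm_pop, original in normalized_popular.items():
            d = edit_distance(n, norm_pop)
            if 0 < d <= max_distance:
                hits.append((name, original, d))
    return hits


if __name__ == "__main__":
    for dep, target, dist in find_lookalikes(parse_manifest(SAMPLE_MANIFEST)):
        print(f"suspicious: {dep!r} is {dist} edit(s) from {target!r}")
```

A hit is a triage signal, not a verdict: legitimate forks and plugins often have near-identical names, so the flagged entries should be reviewed against the registry's publisher, age and download history before being blocked.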