Today’s guest is John Zanni, CEO at Acronis SCS. The general topic is cybersecurity with an emphasis on supply chain risk management.
In May of 2019, the White House issued an executive order called the Executive Order on Securing the Information and Communications Technology and Services Supply Chain. This was a carefully worded document that didn’t specify any particular company. However, everyone knew that they were talking about a Chinese company called Huawei.
They were responding to rumors about companies placing components in hardware that could compromise communication systems. The discussion with John Zanni moves from hardware getting compromised to software.
Today, much software is not written from “scratch.” Frequently, developers rely on blocks of code from software repositories or libraries. We have also seen a movement towards low-code and no-code systems for enabling a software solution.
John Zanni asks the obvious question: who do you trust? You could inadvertently be bringing malicious code into your system. It is one thing to do this for a small company; it is a completely different situation for a federal agency.
During the interview, John Zanni talks about standards, source code reviews, and managing risk. If you assume all the code you connect is safe, think again.