I had a ten-minute interview with the enjoyably competent Marcus Richter and Hagen Terschüren of DLF Kultur last week. It aired as part of the Breitband show on Saturday, April 6th. Our topic was open source infrastructure, the security challenges it faces, and whether the state needs to step up. It is available as
XZ-Backdoor: Wie eine Sicherheitslücke fast das Internet zerstört hat (XZ backdoor: how one security hole almost brought down the Internet)
DLF Kultur Breitband Show 2024-04-06
The show is in German (local copy). Here are my key messages:
- Software supply chain attacks are happening all the time; we need to treat them as business as usual, and there are plenty of unknown unknowns still out there
- Closed source is not more secure than open source; as my security colleagues keep pointing out, there is no "security through obscurity": hiding the code does not remove the bugs, it only hides them from the defenders
- The state needs to step up and fund the open source infrastructure that is not sexy enough to attract commercial money
At the end, I made a short detour to a favorite topic of mine: focus on business functions first, and on capabilities (which exist to support business functions) second. Unless you are a security company, making things secure is a capability, not a business function. If you make security its own department, you move it one step away from where it is needed and weaken the impact of your security work.