Main Stage: Understanding and Reducing Supply Chain and Software Vulnerability Risks

Black Hat USA 2024 · Day 1 · Briefing

This talk examines the challenges of **supply chain and software vulnerability risks** and urges a shift from conventional, often superficial security assessments to a more proactive and deeply technical understanding. Presented by a representative of ThreatLocker, the discussion moves beyond the typical vendor questionnaires and audit reports, which frequently overlook critical vulnerabilities because they focus solely on documented controls rather than on the absence of essential protections. The speaker critically examines the pervasive debate over **cloud versus on-premises security**, illustrating that neither deployment model inherently guarantees superior protection; rather, the nature of the attack and the organization's defensive posture dictate the outcome.