KNOWLEDGE SERIES

We record all our sessions so that you can watch at your convenience

ARE YOU DELIVERING A MALWARE TO DOWNSTREAM SUPPLY CHAIN?

27 October 2022 | 5:30 PM SGT

Soumyo Maity
Senior Principal Engineer,
Product security, Dell Technologies

Dr. Soumyo Maity (Sho-u-mmo Mai-ti, He/Him) is an information security expert who currently leads the global strategies and roadmaps for the Security Development Lifecycle program at Dell Technologies. He earned his PhD in Information Technology from the Indian Institute of Technology Kharagpur and has coauthored several research articles and book chapters on information security. He has multiple patents in his name filed in the USA and India. A regular speaker at security forums such as Null, FIRST, and OWASP, Maity is well connected to the cybersecurity community in India. He is an active member of SAFECODE and part of the working groups for Quantum Cryptography and Secure Software Development. He is a member of IEEE and OWASP. Furthermore, he has earned multiple coveted industry certifications such as CEH, CISP, GISP, and GDSA.

This year has seen a stunning 650% rise in attacks on the supply chain, and malware spreads through that compromised supply chain across the globe, probably faster than Covid-19. There are red, blue, purple and other color-coded teams with decorated professionals working tirelessly to detect and defend against it. We will not discuss them today.

This story is about the developers. Have you ever thought about how a simple piece of benign code written by a good guy unintentionally becomes a machine of destruction? How would a developer protect his or her code from becoming a super-spreader of malware? Is maintaining some simple hygiene enough? This talk evangelizes the shift-security-left philosophy for preventing malware attacks through the software supply chain.