Interested in being a guest? Email us at admin@evankirstel.com
The invisible layers of software beneath our applications harbor unseen risks that could compromise entire organizations. Nick Mistry, CISO at Lineaje Inc, pulls back the curtain on why software supply chain incidents like the SolarWinds compromise and the Log4j (Log4Shell) vulnerability caught so many companies unprepared, even ones with robust security programs in place.
Software today can contain dependencies that run 60 layers deep, creating a perfect hiding place for malicious code or unpatched vulnerabilities. As Nick explains, "People who develop open source are in it to drive innovation. They're not necessarily in it to maintain that software over time." This tension between innovation and long-term maintenance sets the stage for the security challenges we're witnessing.
What makes Lineaje's approach different is that it scans both source code and the compiled binaries built from it, so a binary that does not match its published source can be flagged as tampered, combined with a "Gold Open Source" program that provides pre-vetted components. Most notable is their "agentic AI" technology, which the company says remediates vulnerabilities automatically without breaking applications, completing in minutes what would take developers weeks by hand, while keeping sensitive code inside your own environment.
The conversation takes a fascinating turn when Nick discusses how AI is transforming the threat landscape itself. "The old world of prioritizing vulnerabilities based on exploitability is quickly becoming outdated," he warns. "Threat actors can now use AI to get any vulnerability, whether it has an exploit or not, and create an exploit almost overnight with very little skill." This reality demands a fundamental shift in how we approach software security.
Want to take immediate action? Start by creating a comprehensive Software Bill of Materials (SBOM) for your applications, one that covers the transitive dependencies pulled in beneath the packages you declare directly, not just the top layer. Join us at the Lineaje Software Supply Chain Summit on August 4th at #BlackHat to learn more about using AI for security and securing AI itself.
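As an added illustration of the SBOM starting point above and of the "dependencies 60 layers deep" problem, the following Python script is example code written for this page, not Lineaje's tooling or anything from the episode. It takes a dependency graph of the kind a lockfile records (the graph here is constructed for the example, not real project data), walks it to find every transitive package and the longest dependency chain, emits a CycloneDX-shaped SBOM, and checks the result for dangling references. The choice of CycloneDX as the output format and the `pkg:generic` purl scheme are assumptions; the episode names no format, and a real ecosystem would use `pkg:npm`, `pkg:maven`, and so on.

```python
import json

# Constructed dependency graph (illustrative, not real project data):
# "name@version" -> direct dependencies, as a lockfile would record them.
DEPS = {
    "myapp@1.0.0": ["web-framework@4.2.1", "log-lib@2.17.1"],
    "web-framework@4.2.1": ["http-core@1.3.0", "template-engine@3.0.2"],
    "http-core@1.3.0": ["socket-utils@0.9.4"],
    "template-engine@3.0.2": ["string-escape@1.1.0"],
    "log-lib@2.17.1": ["jndi-client@1.0.0"],
    "jndi-client@1.0.0": [],
    "socket-utils@0.9.4": ["string-escape@1.1.0"],
    "string-escape@1.1.0": [],
}


def _split(ref):
    """'name@version' -> (name, version); rpartition tolerates scoped names."""
    name, _, version = ref.rpartition("@")
    return name, version


def reachable(root, graph):
    """Every package transitively reachable from root, excluding root itself."""
    seen, stack = set(), list(graph.get(root, []))
    while stack:
        ref = stack.pop()
        if ref in seen:
            continue
        seen.add(ref)
        stack.extend(graph.get(ref, []))
    return seen


def chain_depth(root, graph, _memo=None, _path=None):
    """Length of the longest dependency chain below root (the 'layers deep' number).

    A cyclic edge is scored 0 instead of being recursed into, so a lockfile
    containing a cycle terminates; values for nodes inside a cycle are then
    a lower bound rather than exact, which is acceptable for an inventory.
    """
    memo = {} if _memo is None else _memo
    path = set() if _path is None else _path
    if root in memo:
        return memo[root]
    if root in path:
        return 0
    path.add(root)
    depth = 0
    for dep in graph.get(root, []):
        depth = max(depth, 1 + chain_depth(dep, graph, memo, path))
    path.discard(root)
    memo[root] = depth
    return depth


def build_sbom(root, graph):
    """Emit a CycloneDX 1.5-shaped document as a dict (assumed format, see lead-in)."""
    def component(ref):
        name, version = _split(ref)
        return {"type": "library", "bom-ref": ref, "name": name, "version": version,
                "purl": f"pkg:generic/{name}@{version}"}  # purl scheme is an assumption

    comps = sorted(reachable(root, graph))
    name, version = _split(root)
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "version": 1,
        "metadata": {"component": {"type": "application", "bom-ref": root,
                                   "name": name, "version": version}},
        "components": [component(r) for r in comps],
        # One dependency entry per package, root included, so the full tree is recorded.
        "dependencies": [{"ref": r, "dependsOn": sorted(graph.get(r, []))}
                         for r in [root] + comps],
    }


def dangling_refs(sbom):
    """Refs used in dependsOn that have no component entry.

    An SBOM with dangling refs claims a dependency it never inventories, which
    is exactly the gap a vulnerability match against the SBOM would miss.
    """
    known = {c["bom-ref"] for c in sbom["components"]}
    known.add(sbom["metadata"]["component"]["bom-ref"])
    return sorted({d for entry in sbom["dependencies"]
                   for d in entry["dependsOn"] if d not in known})


if __name__ == "__main__":
    sbom = build_sbom("myapp@1.0.0", DEPS)
    print(json.dumps(sbom, indent=2))
    print("transitive packages:", len(sbom["components"]))
    print("longest chain:", chain_depth("myapp@1.0.0", DEPS))
    print("dangling refs:", dangling_refs(sbom))
```

Run it and the constructed graph yields seven transitive packages behind two declared ones and a longest chain of four layers; a real lockfile only has to be swapped in for `DEPS` to get the same inventory and depth figure for your own application, and `dangling_refs` is the sanity check to run on any SBOM a vendor or build system hands you.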
More at https://linktr.ee/EvanKirstel