This week’s podcast is sponsored by Intel. In it, we speak with Intel’s Suzy Greenberg about a recent study Intel sponsored with the Ponemon Institute looking at the need for greater vendor transparency around cyber security. Suzy is a vice president at Intel and general manager of security communications and incident management in the Intel Product Assurance and Security group.
The compromises of firms such as SolarWinds and Accellion in recent months have made clear to everyone that your organization’s cyber security concerns don’t stop at the firewall. Indeed, as digital transformation takes hold across industries, the security of software providers and third parties is now integral to the security and safety of pretty much every organization. Security teams, trained to monitor corporate perimeters and network traffic, now need to concern themselves with flaws buried deep in third-party products and attacks that come wrapped as software updates.
But what does that increasing reliance and interdependence mean for the relationships between software providers and their customers, particularly around information about software flaws and vulnerabilities? Do software and service providers owe it to their customers to be fully transparent about flaws or weaknesses in their platforms, even in advance of patches, or is the byword still “say nothing unless asked”?
Those are questions I put to our guest this week. Suzy Greenberg is a vice president at Intel and general manager of security communications and incident management in the Intel Product Assurance and Security group. Suzy leads the execution of Intel’s global security communications strategy as well as the company’s response to matters involving product assurance and security.
In this conversation, Suzy and I talk about a survey (PDF) the company conducted with the Ponemon Institute to measure attitudes about vendor transparency around security. Among the survey’s findings: 47% of respondents said that their technology provider does not provide transparency surrounding security updates and mitigations.
To start off, I asked Suzy about Intel’s Product Security Incident Response Team (PSIRT) and how the company that makes the chips that power modern technology manages its own product security challenges. You can check out the full podcast above or download the MP3.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.