Checkmarx CEO: Evolving Supply Chain Threats Demand Action


Checkmarx's Sandeep Johri Details Malicious Code, AI Risks in Application Security

Application and supply chain security are connected due to modern software's reliance on custom code, open-source libraries and third-party components, said Checkmarx CEO Sandeep Johri.

Rising supply chain security threats - including malicious code, protestware and adversarial use of generative AI - prompted Checkmarx to launch new modules focused on areas such as managing secrets across the CI/CD pipeline, Johri said. High-profile incidents such as SolarWinds and Log4j failed to spur sufficient action to handle supply chain threats, with malicious code posing a bigger threat than open-source vulnerabilities (see: Why App Security Should Shift Everywhere, Not Just Left).

"Customers don't focus on supply chain as much as they should," Johri said. "They focus on open-source vulnerabilities, which are important, but they are vulnerabilities that someone has to proactively decide to target and exploit. On the other hand, malicious code is in there for malicious intent, and most enterprises I talked to don't even look for malicious code. So it's a SolarWinds waiting to happen."

In this video interview with Information Security Media Group, Johri also discussed:

In a career spanning more than 30 years, Johri has been an executive, founder, strategic adviser and investor. He has held senior management roles at HP and was the CEO of Tricentis, taking the company from an early-stage startup to a global leader of continuous-testing software solutions.
