Security News > 2022 > June > Supply chain attacks will get worse: Microsoft Security Response Center boss

Supply chain attacks will get worse: Microsoft Security Response Center boss
2022-06-09 02:30

Major supply-chain attacks of recent years - we're talking about SolarWinds, Kaseya and Log4j to name a few - are "Just the tip of the iceberg at this point," according to Aanchal Gupta, who leads Microsoft's Security Response Center.

As the head of MSRC, Gupta has a unique vantage point.

Her view spans all of Microsoft's products and services, as well as visibility across industry partners' software and tools plus customers' environments including government agencies.

"The reason we will have a continuation of these supply chain attacks is our reliance on third party software and open source software is only growing," she said.

Gupta, who previously worked as a developer at Microsoft and Facebook, said she remembers when the news about the Log4j exploit broke.

"When we ship something, or when we consume something, what are the downstream dependencies? It's critical for us to be very well aware of that," and Microsoft maintains a software dependency index, which helped the MSRC respond quickly to Log4j, Gupta noted.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/09/microsoft_supply_chain_attacks/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399