How to Recover from the Log4j Supply Chain Attack with Ilkka Turunen

In this episode of the HackerNoon Podcast, Amy Tom sits down with Ilkka Turunen to talk about Supply Chain Security. They go over the Log4J incident that made a lot of apps built-in Java vulnerable to exploitation, what it means to be a field CTO, how companies can place themselves to collect user feedback, and a lot more!

Ilkka Turunen is the Field CTO of https://www.sonatype.com/ (Sonatype).

On this episode of the HackerNoon Podcast, Amy Tom and Ilkka Turunen chat about:

• What is a field CTO anyways? 🤔 (01:20)
• How do you stay in the loop on customer needs and feedback? ➿ (05:19)
• How has Ikka’s job as a field CTO changed since the pandemic started? 😷 (07:30)
• Supply chain attacks have increased since the pandemic started. How have Sonatype’s customers and the business changed over this period? 🧰 (08:53)
• Breaking down how the executive order by Biden’s administration regarding supply chains is affecting the software industry ⚙️ (10:06)
• What is the best way to mitigate supply chain risk? ⚠️ (11:49)
• Getting into vendor due diligence as mitigation of supply chain risk 🚩(17:22)
• Learnings from the Log4J incident 📝 (22:44)
• Why are 40% of Log4J downloads still the old vulnerable versions? ☢️ (25:47)

Log4J vulnerability resource center:

• https://www.sonatype.com/resources/log4j-vulnerability-resource-center

Find Ilkka Turunen online:

• https://twitter.com/llkkaT

Learn more about HackerNoon:

• To read HackerNoon stories, check out hackernoon.com
• To apply for a position, check out https://careers.hackernoon.com/
• To participate in HackerNoon writing contests, check out https://hackernoon.com/u/hackernooncontests