
Coffee, Chaos and ProdSec Ep 31 - OSS Malware, TeamPCP, and the Supply Chain Is Not a Solved Problem ft. Jenn Gile
🎙️ Coffee, Chaos and ProdSec, Ep 31
Open source malware is not a harder version of CVE management. It is a completely different problem: a CVE is a defect a maintainer shipped by accident, while malware is code an attacker shipped on purpose, and most orgs are running the wrong playbook.
This week Cameron and Kurt are joined by Jenn Gile, co-founder of OpenSourceMalware.com and advisor at Endor Labs, and she comes prepared to take everyone to school.
They dig into how attacks like TeamPCP actually work, why a scanner built to match known CVEs is not built to catch them, and what detection looks like across the full pipeline. From install-time execution to maintainer account takeovers to the dependencies nobody vetted, the attack surface is bigger than most teams have mapped.
Then they get into what a real defense program looks like, and why owning a tool is not the same as owning the problem. Spoiler: the supply chain is not a solved problem, and this episode makes that very clear.
If you work in Application Security, Product Security, DevSecOps, or Software Supply Chain Security, this one is going to hurt a little. In the best way.
☕ New episodes every Wednesday.
Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.
