The Blast Radius Problem: Why Software Supply Chain Visibility Isn't Optional
Is your software supply chain a ticking time bomb? 💣 In this episode of "Keeping the Pace with NetRise," we dive deep into the "Blast Radius Problem" and why total visibility into your software supply chain is no longer optional—it’s a business necessity. Join Gary Schwartz (SVP of Marketing), Michael Scott (CTO & Co-Founder), Colin Lernihan (Senior Director of Product Management), and Ishan Sethi (Product Manager) as they discuss the hidden risks lurking in your dependencies.

🔍 In This Episode, You’ll Learn:
• The XZ-Utils & Axios Lessons: How one compromised dependency can ripple through the entire global ecosystem.
• The "Blast Radius" Defined: Why focusing only on direct dependencies is a mistake. We show how one package (like LiteLLM) can have over 38,000 indirect descendants.
• Every Laptop is a Build Pipeline: How the explosion of AI tools means even non-developers are unknowingly installing and executing code on their machines.
• Proactive Prevention: How to use real-time analysis, AI-driven forensics, and custom policy engines to block malicious builds before they reach your environment.
• Compliance & Geo-Risk: How to track contributor locations and credentials to meet strict industry standards (like automotive).

🛠️ Featured Tool: NetRise Provenance
We recently launched NetRise Provenance, highlighted by CRN as one of the "20 Coolest Product Launches" at RSA Conference 2026. Learn how this tool identifies risk associated with contributors to the open source components inside enterprise software and connected devices, and how far the risk associated with bad actors reaches across portfolios. Provenance adds a layer of trust and intelligence to the NetRise Platform, a deeper look into the Software Bill of Materials (SBOM).

Timestamps:
00:00 – Introduction to Keeping the Pace
01:40 – What is NetRise Provenance?
02:22 – The XZ-Utils Incident & The Visibility Gap
04:27 – Why Software Supply Chain Security is Hard
07:35 – The AI Impact: Every Laptop is a Developer Machine
09:15 – Deep Dive: Analyzing the Blast Radius of LightLLM
13:30 – How to Set Blocking Policies & Prevent Attacks
15:58 – Predictive Security & The Role of AI
21:40 – Hard-coded Credentials & Hidden Tokens

Connect with NetRise:
🌐 Website: https://www.netrise.io
🔗 LinkedIn: https://www.linkedin.com/company/netrise-io/
💻 GitHub (CLI Tool): Explore our policy engine and knobs

Subscribe for more insights on firmware security, SBOMs, and securing the modern software supply chain!

#SoftwareSupplyChain #CyberSecurity #NetRise #AppSec #AI #DevSecOps #SBOM #BlastRadius #InformationSecurity #RSA2026
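The "blast radius" idea from the episode, as an added illustration that is not part of the episode description or NetRise's own tooling: given a dependency graph, a direct-dependency-only view sees just the first hop, while a reverse-graph traversal finds every package that reaches the affected component through any chain. The edge list and package names below are constructed for the example.

```python
from collections import defaultdict, deque

# Constructed edge list (dependent -> dependency). Names are hypothetical; a real
# run would load these edges from an SBOM or a package-registry dependency dump.
CONSTRUCTED_EDGES = [
    ("app-billing", "framework-x"),
    ("app-billing", "utils-z"),
    ("framework-x", "http-lib"),
    ("framework-x", "compress-lib"),
    ("http-lib", "compress-lib"),
    ("utils-z", "compress-lib"),
    ("cli-tool", "http-lib"),
    ("device-firmware", "cli-tool"),
    ("device-firmware", "framework-x"),
    ("plugin-a", "plugin-b"),        # plugin-a and plugin-b form a dependency cycle
    ("plugin-b", "plugin-a"),
    ("plugin-a", "compress-lib"),
    ("unrelated-lib", "other-lib"),  # never reaches compress-lib
]


def reverse_graph(edges):
    """Map each package to the set of packages that depend on it directly."""
    dependents = defaultdict(set)
    for dependent, dependency in edges:
        dependents[dependency].add(dependent)
    return dependents


def direct_dependents(edges, package):
    """First hop only: what a direct-dependency-only view reports."""
    return set(reverse_graph(edges).get(package, set()))


def blast_radius(edges, package):
    """Every package reaching `package` through any dependency chain, mapped to
    its shortest chain length. BFS over the reversed graph; `hops` doubles as
    the visited set so the plugin cycle cannot loop forever."""
    dependents = reverse_graph(edges)
    hops = {}
    queue = deque([(package, 0)])
    while queue:
        current, depth = queue.popleft()
        for d in dependents.get(current, ()):
            if d not in hops:
                hops[d] = depth + 1
                queue.append((d, depth + 1))
    return hops


if __name__ == "__main__":
    radius = blast_radius(CONSTRUCTED_EDGES, "compress-lib")
    print("direct:", sorted(direct_dependents(CONSTRUCTED_EDGES, "compress-lib")))
    print(f"blast radius ({len(radius)}):", sorted(radius.items(), key=lambda kv: (kv[1], kv[0])))
```

On this graph the direct view reports 4 dependents of compress-lib while the full blast radius is 8, which is the gap the episode describes at a much larger scale.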