In the final installment of Season 4 of Security Nation, Jen and Tod sit down with Chris John Riley, senior security engineer at Google and co-host of the First Impressions podcast (the one about cybersecurity, not Jane Austen). They chat about Minimum Viable Secure Product (MVSP), a set of controls Chris recently helped develop at Google that aim to provide a better baseline for security when evaluating vendor risk. They discuss the state of supply chain security for technology vendors and the challenges of establishing what really qualifies as "minimum" in terms of security protocols.

Stick around for our Rapid Rundown, where Tod and Jen talk about a recently disclosed DNS rebinding vulnerability in Sky routers that exposed them to takeover attacks over the course of a whopping 17 months.

Check back in with us for Season 5 of Security Nation in January. In the meantime, have a safe holiday and a happy New Year!

Chris John Riley

Chris John Riley is a Senior Security Engineer at Google, where he is tech lead for the vendor reviews focus area.

In his spare time, Chris collects books (that he never finds time to read) and spends his weekend taking long romantic walks from the sofa to the kitchen (mostly for snacks).

Show notes

Interview links

  • Listen to Chris's podcast, First Impressions.
  • Check out the other, Jane Austen-themed First Impressions podcast.
  • Learn more about MVSP at the official site and in this blog post from Google.
  • Read up on the ETSI standard Jen mentioned.
  • Revisit our previous episode on Disclose.io with Casey Ellis.

Rapid Rundown links

  • Read about the Sky router vulnerability.
  • If you just can't wait till January to hear from us again, revisit Season 4.

Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.


Disclaimer

Rapid7 Inc. published this content on 24 November 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 24 November 2021 19:19:06 UTC.