The "Down the Security Rabbithole Podcast" features Raf, Jim, James, and Paul discussing third-party risk management. The conversation originates from a concern about the quality of third-party pen test reports and expands into the challenges of managing third-party risks at scale. They explore the difficulties large companies face in thoroughly assessing all their vendors, the burdens placed on small companies by extensive questionnaires, and the disconnect between legal compliance and actual security. The group debates the value of current third-party risk management practices, the potential for AI to streamline the process, and whether these efforts genuinely reduce risk or merely provide a false sense of security. The podcast concludes with a call for better questions and processes in third-party risk assessment.