The National Institute of Standards and Technology (NIST) published updated guidance on managing supply chain cybersecurity risks on May 5th 2022, titled “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations” (NIST SP 800-161 Rev. 1, covering C-SCRM), for organizations that are acquirers and end users of products, software and services. The update includes a detailed list of C-SCRM […]
How an eye-opening conversation with a medical device cybersecurity expert inspired us to start a podcast for product security teams Cybersecurity pros are in the midst of an ongoing struggle. You need to constantly be on the watch for new threats, every single day. You need to find and recruit some of the most […]
Open-source software libraries are the backbone of modern software development and a critical piece of the software supply chain. Engineers don’t need to recreate existing functionality; instead, development efforts can be accelerated using open-source software (OSS) libraries. These days, almost 98% of applications use open-source libraries. Using open-source libraries does bring unique risks. Beyond security […]
In 2020, the SolarWinds supply chain attack penetrated deep into the Federal government’s infrastructure and into some of the largest and most tech-savvy organizations. The compromise gave attackers unprecedented access to some of the best-protected data in the world. It highlighted that no matter how big or well funded an organization is, cyber-attacks can still […]
NUCLEUS:13 is the latest in a long line of TCP/IP stack vulnerabilities that includes NAME:WRECK, Ripple20 and many others. The vulnerabilities were found in the Nucleus TCP/IP stack, which is owned by Siemens and used in billions of devices.
Originally published on Security Magazine, December 17th, 2021 The Product Security Incident Response Team (PSIRT) is not a firefighter team, but it should be your fire marshal. Your PSIRT is more than a first response team that only activates when an incident occurs. Businesses get the most out of their investment in this highly skilled […]
After many years of hard work, the NTIA (National Telecommunications and Information Administration) published an important document in July 2021: The Minimum Elements for a Software Bill of Materials (SBOM). True to its name, the document details a list of the elements a minimal SBOM should include.
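As an added example (not code from the original post or from NTIA), the check below walks a CycloneDX-style JSON SBOM and reports which of the NTIA minimum data fields are absent: supplier name, component name, component version, other unique identifiers, dependency relationship, author of the SBOM data, and timestamp. The sample SBOM is constructed for illustration; the component, supplier and version values in it are placeholders, and the field-to-element mapping (e.g. `metadata.authors` for the SBOM author, `purl`/`cpe`/`swid` for unique identifiers) is this example's assumption about how those elements are commonly expressed in CycloneDX 1.4.

```python
import copy

# The seven minimum data fields listed in the NTIA document (July 2021).
NTIA_MINIMUM_ELEMENTS = (
    "supplier name", "component name", "component version",
    "other unique identifiers", "dependency relationship",
    "author of SBOM data", "timestamp",
)

def check_ntia_minimum_elements(sbom: dict) -> list:
    """Return a list of findings; an empty list means every minimum element is present."""
    findings = []
    meta = sbom.get("metadata", {})
    if not meta.get("timestamp"):
        findings.append("timestamp: metadata.timestamp missing")
    if not meta.get("authors"):
        findings.append("author of SBOM data: metadata.authors missing")

    components = sbom.get("components", [])
    if not components:
        findings.append("component name: no components listed")
    refs = set()  # bom-refs we can resolve dependency edges against
    for comp in components:
        label = comp.get("name") or comp.get("bom-ref") or "<unnamed>"
        if not comp.get("name"):
            findings.append(f"component name: missing on {label}")
        if not comp.get("version"):
            findings.append(f"component version: missing on {label}")
        supplier = (comp.get("supplier") or {}).get("name") or comp.get("publisher")
        if not supplier:
            findings.append(f"supplier name: missing on {label}")
        # Assumption: purl, cpe or swid satisfies "other unique identifiers".
        if not any(comp.get(k) for k in ("purl", "cpe", "swid")):
            findings.append(f"other unique identifiers: no purl/cpe/swid on {label}")
        if comp.get("bom-ref"):
            refs.add(comp["bom-ref"])

    deps = sbom.get("dependencies", [])
    if not deps:
        findings.append("dependency relationship: dependencies section missing")
    else:
        root = (meta.get("component") or {}).get("bom-ref")
        known = refs | ({root} if root else set())
        for dep in deps:
            # Every edge must point at a component the SBOM actually describes.
            for ref in [dep.get("ref")] + list(dep.get("dependsOn", [])):
                if ref not in known:
                    findings.append(f"dependency relationship: dangling ref {ref!r}")
    return findings

# Constructed sample SBOM (placeholder names and versions, not a real inventory).
CONSTRUCTED_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {
        "timestamp": "2022-01-10T12:00:00Z",
        "authors": [{"name": "Example Product Security Team"}],
        "component": {"bom-ref": "app", "type": "application",
                      "name": "example-app", "version": "2.3.0"},
    },
    "components": [
        {"bom-ref": "pkg:pypi/libfoo@1.4.2", "type": "library", "name": "libfoo",
         "version": "1.4.2", "supplier": {"name": "Example Supplier A"},
         "purl": "pkg:pypi/libfoo@1.4.2"},
        {"bom-ref": "pkg:pypi/libbar@0.9.0", "type": "library", "name": "libbar",
         "version": "0.9.0", "supplier": {"name": "Example Supplier B"},
         "purl": "pkg:pypi/libbar@0.9.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:pypi/libfoo@1.4.2"]},
        {"ref": "pkg:pypi/libfoo@1.4.2", "dependsOn": ["pkg:pypi/libbar@0.9.0"]},
    ],
}

def degraded_sbom() -> dict:
    """A copy of the sample with a version and the dependency graph stripped out."""
    sbom = copy.deepcopy(CONSTRUCTED_SBOM)
    del sbom["components"][1]["version"]
    del sbom["dependencies"]
    return sbom

if __name__ == "__main__":
    for name, doc in (("complete", CONSTRUCTED_SBOM), ("degraded", degraded_sbom())):
        print(name, check_ntia_minimum_elements(doc) or "all minimum elements present")
```

The dangling-reference check matters in practice: an SBOM can carry a `dependencies` section and still fail to describe the relationship, because edges that point at refs absent from `components` cannot be resolved by a consumer.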