KB Kookmin Bank recognized the growing product security challenge in providing modern services based on increasingly complex software. More suppliers. More open source. More weak points. Understanding the trust of their customers was paramount. The bank was ready to rethink the tools they were using in order to better understand their product security posture and […]
Christopher Gates, Leading Medical Device Security Expert, Joins Cybellum’s Industry Advisory Board Author of the Groundbreaking Book: Medical Device Cybersecurity for Engineers and Manufacturers Is One of the Foremost Authorities in this Industry Tel Aviv, Israel, March 14, 2023 – Cybellum, developers of the Product Security Platform for connected products, announced today that Christopher […]
This article is based on Adam Shostack’s interview on the Left to Our Own Devices podcast. Adam Shostack, is a threat modeling expert, pioneer of the CVE standards, author of “What Every Engineer Should Learn From Star Wars,” advisor, game designer, and lecturer. When Adam realized his work affects people’s lives and data and […]
What will your team do if a software component or a supplier’s entire software suite becomes untrustworthy overnight? Do you have a backup plan in place? It’s a scenario that every OEM fears, but many will confront– with most admitting they have no idea what they would do. That’s because current threat intelligence, CVEs, and […]
The Product Security community has had a rough go of it lately. Ransomware attacks, New regulation, Greater internal liabilities, Oh, and no cross-industry processes to better manage the long tail suppliers. Remember years ago how the local news team would forecast a sunny day, just for it to rain? But, with the advancements in connecting […]
This partnership provides automotive industry domain-specific cybersecurity expertise and solutions for enhanced safety and regulatory compliance Tel Aviv, Israel, February 3, 2023 – Cybellum, provider of the Product Security Platform for connected products, has partnered with First International Computer (FIC) to expand its APAC business, providing the automotive industry with domain-specific cybersecurity expertise and solutions […]
VEX reports have finally hit the mainstream and the excitement surrounding them has as much to do with automation as it does with vulnerability management. To appreciate the full practicality of Vulnerability and Exploitability Exchange (VEX) reports, we need to go back to our old friend, the Software Bill of Material, endearingly known as ‘SBOM’. […]
Part 1: Using SBOMs for enhanced visibility and control The dynamic nature of software development exposes the software supply chain to countless sources of both known and unknown vulnerabilities. These can take multiple forms, from insecure open-source software to zero-day exploits. The connected product software revolution’s growing reliance on open-source software increases the risk and […]
Two years following one of the worst cyber-espionage attacks on the USA, we sat down with Thomas LaRock from SolarWinds to learn about how they managed the SUNBURST crisis and came away stronger Thomas LaRock is the Senior Technical Product Marketing Manager–or as they like to put it ‘Head Geek’–at SolarWinds. After many years as […]