Tag: incident response

Cyber Resilience Blog

Building a Resilient Future: Strengthening Product Security with SBOMs and Collaborative Governance

The increase in cyber attacks against connected automotive, medical, and industrial products has not gone unnoticed by the Federal Government, as demonstrated by the recent release of the White House National Cybersecurity Strategy 2023. This strategy acknowledges the importance of protecting sensitive data and infrastructure from cyberattacks and lays out a framework for a joint […]

Adam Boulton

What the Food and Building Industry Can Teach Us About Securing Embedded Systems

As one of the leading experts in product security with over 15 years of experience in security engineering and 120 cybersecurity patents under his belt, Adam Boulton is one of the most experienced software security professionals in the industry.  Currently the SVP of Security Technology and Innovation at Cybellum, the Left to Our Own Devices […]

RVWP Hive Mind

RVWP: How CISA Harnesses the Hive Mind to Combat Ransomware

Stepping in to help entire industries better manage their connected devices, CISA is providing critical live vulnerability data directly to CPSOs. It remains unclear if teams are set up in a way to digest the data into vulnerability management and malware detection activities. Last week, CISA announced their new Ransomware Vulnerability Warning Pilot (RVWP), […]

KB Bank Case Study

How KB Kookmin Bank Secured Their Software Supply Chain With Cybellum

KB Kookmin Bank recognized the growing product security challenge in providing modern services based on increasingly complex software.  More suppliers. More open source. More weak points.  Understanding the trust of their customers was paramount. The bank was ready to rethink the tools they were using in order to better understand their product security posture and […]

Intro to Automotive Cybersecurity Standards and Regulations

As vehicles have come to rely heavily on software and an increasingly complex software supply chain, the cyber threat landscape continues to evolve. Automotive cybersecurity standards and regulations for safety are more critical than ever. Industry-wide recognition of automotive cybersecurity risks has pushed regulators and industry leaders to double down on regulation. The recent adoption of […]

SBOM & Beyond- Part 3

Keeping the Software Supply Chain Accountable with SBOMs

What will your team do if a software component or a supplier’s entire software suite becomes untrustworthy overnight? Do you have a backup plan in place?  It’s a scenario that every OEM fears, but many will confront– with most admitting they have no idea what they would do. That’s because current threat intelligence, CVEs, and […]

How SBOMs Can Forecast Product Security Storms

The Product Security community has had a rough go of it lately. Ransomware attacks. New regulation. Greater internal liabilities. Oh, and no cross-industry processes to better manage the long tail suppliers. Remember years ago how the local news team would forecast a sunny day, just for it to rain? But, with the advancements in connecting […]

LTOOD: Thomas LaRock

Insights From a Nation State Software Supply Chain Attack With Thomas LaRock

Two years following one of the worst cyber-espionage attacks on the USA, we sat down with Thomas LaRock from SolarWinds to learn about how they managed the SUNBURST crisis and came away stronger. Thomas LaRock is the Senior Technical Product Marketing Manager–or as they like to put it ‘Head Geek’–at SolarWinds. After many years as […]

LTOOD- Social

2022, The Year Product Security Broke Away From the Pack

Shlomi Ashkenazy and David Leichner recap the highlights of the past year and light the beacon for Product Security managers in 2023.   2022 has been an incredible year for the Product Security community. New regulations gained traction, software bills of materials (SBOMs) became ‘the bomb’, and the ramifications of Log4j and other vulnerabilities made […]
