A joint Cybersecurity Advisory from the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the FBI, published Tuesday, June 8, outlines how state-sponsored hackers from the PRC (People’s Republic of China) have been exploiting known vulnerabilities – CVEs – to target public and private sector organizations worldwide, including in the United […]
The National Institute of Standards and Technology (NIST) published updated guidance on managing supply chain cybersecurity risks on May 5th, 2022, titled “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations” (C-SCRM), for organizations that are acquirers and end users of products, software and services. The update includes a detailed list of C-SCRM […]
After many years of hard work, the NTIA (National Telecommunications and Information Administration) published an important document in July 2021: The Minimum Elements for a Software Bill of Materials (SBOM). True to its name, the document details a list of the elements a minimal SBOM should include.