The SBOM has a long history — but what’s next is what matters
Software bills of materials (SBOMs) are having their day — they're even government-mandated at times. In September 2023, the U.S. Food and Drug Administration issued its final version of “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” The guidance corresponds to the 2023 Consolidated Appropriations Act, ...
What’s in your commercial software?
The concept of software supply chain security (SSCS) has taken center stage over the past few years in the wake of new federal policies, increases in the threats to open-source platforms, and the continuing struggles to patch critical vulnerabilities. However, one of the most under-addressed areas of SSCS is commercial ...
Secure by Demand: Key takeaways for enterprise software buyers
This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) took a major step forward as it continues to define federal software supply chain security policy. “Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem” serves as the official counterpart to the CISA’s landmark Secure by ...
‘Software Supply Chain Security for Dummies’: 3 takeaways for your team
If you’re a cybersecurity professional working at any modern, connected organization that handles sensitive data and holds valuable intellectual property, the specter of a software supply chain compromise looms large. ...
The Polyfill.io software supply chain attack: Lessons learned
See RL's Joshua Knox break down the Polyfill.io supply chain attack on YouTube ...
How to assess and manage commercial software risk
Five years ago, we didn’t hear much about software supply chain attacks. Today, they’re commonplace. Barely a week goes by without news of malicious or compromised packages tempting developers on open-source repositories such as npm, GitHub, and Python Package Index (PyPI). But although it can seem at times that the ...
What you missed at RSA Conference 2024: Key trends and takeaways
The 32nd annual RSA Conference (RSAC), one of the biggest cybersecurity shows in North America, was held in San Francisco last week at the Moscone Center. The who's-who event was jam-packed with hundreds of vendors, speaking sessions, and all kinds of goodies ...
What’s hot at RSAC 2024: 8 SSCS talks you don’t want to miss
In the span of just a few years, software supply chain security has evolved from being a niche security topic to a top priority for development organizations, security practitioners and CISOs alike. That shift is evident when you take a peek at the schedule for this year’s RSA Conference in ...
How NIST CSF 2.0 and C-SCRM help manage software supply chain risk
The U.S. National Institute of Standards and Technology (NIST) released the first version of its Cybersecurity Framework (PDF) in 2014. It was originally designed for use by the U.S.'s critical infrastructure sectors to help them better manage cybersecurity threats. As for the enterprises and small businesses that make up the ...
What’s hot at RSAC 2024: 7 must-see talks for security operations teams
RSA Conference 2024 is almost here. If you’re among the thousands of security leaders heading to San Francisco this May, you'll want to manage your schedule — and filter out the noise from the hundreds of vendors and the thousands of security industry reps who will flood the Moscone Center. ...