Government’s supply chain risk is drawing more attention than ever, Capitol Hill aides say

Supply chain risk is one of the main things keeping cybersecurity-focused government officials and partners up at night, speakers said at a conference Wednesday in Washington, D.C. The possibility of vulnerabilities being introduced into government networks through a piece of foreign-made hardware or software has spooked agencies into thinking more about how to work with vendors, congressional staffers and government security contractors said at the KNOW Identity Conference. The federal government has cracked down lately on what it sees as risks from foreign technology companies such as Kaspersky, Huawei and ZTE. The potential problems go much deeper than that, the speakers said. Vulnerabilities deep in a service’s supply chain can be difficult for either the government or the vendor to detect and can be exploited by hackers. Simply trusting vendors to do the work isn’t enough, said Nick Leiserson, legislative director for Rep. Jim Langevin, D-R.I. “The idea that we’re just […]

The post Government’s supply chain risk is drawing more attention than ever, Capitol Hill aides say appeared first on Cyberscoop.


Bug Hunters Prefer Communication Over Compensation

Results of an NTIA survey published today show that researchers prefer open communication with vendors over financial compensation when it comes to vulnerability disclosure.