Fixing supply chain vulnerabilities should be a team effort

In the last few weeks, the Ripple20 vulnerabilities have once again brought the challenge of securing IoT and OT devices to the forefront, underscoring the risky supply chain of software and hardware components that serves as the foundation for many of these devices. While these vulnerabilities are significant on their own, what they show on a more fundamental level is the dire need to rethink how we are all approaching IoT security as an industry, all the way from manufacturing to the mitigation of vulnerabilities. What makes the Ripple20 vulnerabilities so widespread is that the security flaws lie in the TCP/IP stack that underlies many embedded systems, including industrial control systems, medical devices, and printers. It’s not just one type of device or manufacturer that is impacted by this, but potentially hundreds of millions that this software crept into their supply chain. This is an opaque process, with little or […]

The post Fixing supply chain vulnerabilities should be a team effort appeared first on CyberScoop.

Continue reading Fixing supply chain vulnerabilities should be a team effort

Ripple20 Zeek package open sourced

By Ben Reardon, Corelight Security Researcher Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/d… Continue reading Ripple20 Zeek package open sourced