Collaborate Disseminate
The massive exploit of SolarWinds is a prime example of what is called a “supply chain” vulnerability. The vast majority of those impacted by the Russian SolarWinds attack probably had never even heard of the company SolarWinds, and did not realize th… Continue reading Supply Chain Security – Not As Easy As it Looks
A report published today by application security testing tool provider GrammaTech in collaboration with Osterman Research suggests just about every software supply chain is rife with vulnerabilities. An analysis of commercial off-the-shelf (COTS) appl… Continue reading Report Finds Software Supply Chains Rife with Vulnerabilities
The Biden administration said it’s drafting an executive order to help the United States government better defend itself against digital supply chain attacks. A Step Up for Federal Procurement According to NPR, the executive order that’s being drafted … Continue reading Biden Administration Drafting EO to Help U.S. Gov’t Secure Digital Supply Chain
Cybersecurity Supply Chain Risk Management (C-SCRM) deals with more than protecting an organization from cyber-attacks on third parties. It also addresses third parties to those third parties (known as “fourth parties”). Further still, a vendor to your… Continue reading Understanding Cybersecurity Supply Chain Risk Management (C-SCRM)
There is a story from years ago about a warehouse network of computers that was separated from the main network. Those machines were running older OSes. But since they weren’t connected to the company network, didn’t hold company data, and only ran the… Continue reading Supply Chain Risk Management – What You Need to Know to Build a Successful SCRM Program