Biden administration nears completion of second cybersecurity executive order with plethora of agenda items

Federal agencies would have to address everything from AI to cloud security to access management, sources told CyberScoop.

The post Biden administration nears completion of second cybersecurity executive order with plethora of agenda items appeared first on CyberScoop.

Continue reading Biden administration nears completion of second cybersecurity executive order with plethora of agenda items

Plan to resuscitate beleaguered vulnerability database draws criticism 

The National Vulnerability Database has ceased some of its work, but some experts fear the formation of a consortium to address its problems lacks sufficient urgency.

The post Plan to resuscitate beleaguered vulnerability database draws criticism  appeared first on CyberScoop.

Continue reading Plan to resuscitate beleaguered vulnerability database draws criticism 

A Software Bill of Materials Helps Secure Your Supply Chain

The software supply chain involves developing, maintaining and distributing software to end users. To enhance the functionality of the software being developed, developers frequently depend upon open-source components and libraries. These can be sourced from external vendors like Docker images or open-source projects and in-house providers. But while third-party vendors are often critical to software […]

The post A Software Bill of Materials Helps Secure Your Supply Chain appeared first on Security Intelligence.

Continue reading A Software Bill of Materials Helps Secure Your Supply Chain

Container Drift: Where Age isn’t Just a Number

Container orchestration frameworks like Kubernetes have brought about untold technological advances over the past decade. However, they have also enabled new attack vectors for bad actors to leverage. Before safely deploying an application, you must answer the following questions: How long should a container live? Does the container need to write any files during runtime? […]

The post Container Drift: Where Age isn’t Just a Number appeared first on Security Intelligence.

Continue reading Container Drift: Where Age isn’t Just a Number

Software bills of material face long road to adoption

Most cybersecurity leaders want a standard recipe list for software, but implementing an effective compliance regime remains the challenge.

The post Software bills of material face long road to adoption appeared first on CyberScoop.

Continue reading Software bills of material face long road to adoption

How to Prepare for a Cyberattack

Preventing cyberattacks isn’t easy. If it were, there wouldn’t be a continuous stream of ransomware attacks dominating news feeds, nor would the president of the United States feel compelled to issue executive orders on cybersecurity or to declare tha… Continue reading How to Prepare for a Cyberattack

Biden Executive Order on Cybersecurity Calls for Enhanced Software Supply Chain Security

The newly minted, and highly anticipated, Cybersecurity Executive Order from President Biden, marks the strongest stance ever taken by the Federal government in an attempt to secure our nation’s software supply chains from attack.  For the first t… Continue reading Biden Executive Order on Cybersecurity Calls for Enhanced Software Supply Chain Security

Biden’s cyber executive order to include new rules for federal agencies, contractors

Under a forthcoming White House order, companies that do business with the federal government would have to meet software security standards and swiftly report cyber incidents to a new entity within the Department of Homeland Security, sources familiar with a draft version of the document said. The order, which could be made public in a matter of weeks, is meant to improve the government’s ability to detect, coordinate, response to and investigate cybersecurity incidents, as well as promote supply chain security and push government contractors to up their defenses. It is spurred largely by the suspected Russian campaign in which hackers exploited the update process for SolarWinds’ Orion software, which led to the compromise of nine federal agencies and roughly 100 companies, the White House previously said. Some of the order’s measures are aimed at strengthening DHS and its Cybersecurity and Infrastructure Security Agency. The White House directive would establish […]

The post Biden’s cyber executive order to include new rules for federal agencies, contractors appeared first on CyberScoop.

Continue reading Biden’s cyber executive order to include new rules for federal agencies, contractors

Why You Need a Software Bill of Materials More Than Ever

Imagine that a new vulnerability in lodash was just announced. Applications using the npm package are being exploited through large scale automated DoS attacks. You need to act quickly to understand if your organization’s systems are at risk… Continue reading Why You Need a Software Bill of Materials More Than Ever