Plan to resuscitate beleaguered vulnerability database draws criticism 

The National Vulnerability Database has ceased some of its work, but some experts fear the formation of a consortium to address its problems lacks sufficient urgency.

The post Plan to resuscitate beleaguered vulnerability database draws criticism appeared first on CyberScoop.


A Software Bill of Materials Helps Secure Your Supply Chain

The software supply chain covers developing, maintaining and distributing software to end users. To extend the functionality of the software they build, developers frequently depend on open-source components and libraries. These can come from external sources such as Docker images or open-source projects, as well as from in-house providers. But while third-party components are often critical to software […]

The post A Software Bill of Materials Helps Secure Your Supply Chain appeared first on Security Intelligence.


Container Drift: Where Age isn’t Just a Number

Container orchestration frameworks like Kubernetes have brought about untold technological advances over the past decade. However, they have also enabled new attack vectors for bad actors to leverage. Before safely deploying an application, you must answer the following questions: How long should a container live? Does the container need to write any files during runtime? […]
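The excerpt's second question, whether a container needs to write files at runtime, is the one you can enforce directly. The Kubernetes Pod spec below is an added example, not code from the Security Intelligence article: it makes the image's root filesystem read-only so the running container cannot drift away from what was shipped, and grants write access only to a scratch volume. The pod name, container name and image reference are assumed for illustration.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: api-ro            # hypothetical pod name
spec:
  containers:
    - name: api
      image: example.com/api:1.4.2   # hypothetical image reference
      securityContext:
        readOnlyRootFilesystem: true   # nothing shipped in the image can be modified at runtime
        allowPrivilegeEscalation: false
        runAsNonRoot: true
      volumeMounts:
        - name: tmp
          mountPath: /tmp              # the only writable path the application is granted
  volumes:
    - name: tmp
      emptyDir: {}                     # scratch space that is discarded with the pod
```

Any write outside /tmp now fails with a read-only filesystem error, which turns an attacker's attempt to drop a binary or edit a config file into a visible failure rather than silent drift. If the application needs more writable paths than it first appears, that is worth knowing before deployment, which is exactly the question the excerpt asks.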

The post Container Drift: Where Age isn’t Just a Number appeared first on Security Intelligence.


Software bills of material face long road to adoption

Most cybersecurity leaders want a standard recipe list for software, but implementing an effective compliance regime remains the challenge.

The post Software bills of material face long road to adoption appeared first on CyberScoop.


How to Prepare for a Cyberattack

Preventing cyberattacks isn’t easy. If it were, there wouldn’t be a continuous stream of ransomware attacks dominating news feeds, nor would the president of the United States feel compelled to issue executive orders on cybersecurity or to declare tha…

Biden Executive Order on Cybersecurity Calls for Enhanced Software Supply Chain Security

The newly minted, and highly anticipated, Cybersecurity Executive Order from President Biden marks the strongest stance ever taken by the federal government in an attempt to secure our nation’s software supply chains from attack. For the first t…

Biden’s cyber executive order to include new rules for federal agencies, contractors

Under a forthcoming White House order, companies that do business with the federal government would have to meet software security standards and swiftly report cyber incidents to a new entity within the Department of Homeland Security, sources familiar with a draft version of the document said. The order, which could be made public in a matter of weeks, is meant to improve the government’s ability to detect, coordinate, respond to and investigate cybersecurity incidents, as well as promote supply chain security and push government contractors to strengthen their defenses. It is spurred largely by the suspected Russian campaign in which hackers exploited the update process for SolarWinds’ Orion software, which led to the compromise of nine federal agencies and roughly 100 companies, the White House previously said. Some of the order’s measures are aimed at strengthening DHS and its Cybersecurity and Infrastructure Security Agency. The White House directive would establish […]

The post Biden’s cyber executive order to include new rules for federal agencies, contractors appeared first on CyberScoop.


Why You Need a Software Bill of Materials More Than Ever

Imagine that a new vulnerability in lodash was just announced. Applications using the npm package are being exploited through large-scale automated DoS attacks. You need to act quickly to understand if your organization’s systems are at risk…
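Answering "are we at risk?" quickly is the whole point of having an SBOM on hand. The Python below is an added example, not code from the article: it parses a constructed CycloneDX JSON SBOM, matches components by package name and ecosystem (taken from the purl, so a same-named package from another ecosystem is not a false hit), and reports the ones whose version falls in an affected range. The SBOM contents, the application name and the affected range (npm lodash below 4.18.0) are all made up for the example and do not come from any real advisory.

```python
"""Check a CycloneDX SBOM for components in a vulnerable version range.

Scenario from the excerpt: a vulnerability in the npm package `lodash` is
announced. The SBOM and the affected range here are constructed for this
example; they are not real advisory data.
"""
import json

# Constructed CycloneDX 1.4 SBOM for a hypothetical application "billing-api".
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"name": "billing-api", "version": "3.2.0"}},
  "components": [
    {"type": "library", "name": "lodash", "version": "4.17.15",
     "purl": "pkg:npm/lodash@4.17.15"},
    {"type": "library", "name": "express", "version": "4.18.2",
     "purl": "pkg:npm/express@4.18.2"},
    {"type": "library", "name": "lodash", "version": "4.18.0",
     "purl": "pkg:npm/lodash@4.18.0"},
    {"type": "library", "name": "lodash", "version": "1.2.0",
     "purl": "pkg:pypi/lodash@1.2.0"}
  ]
}
"""


def parse_version(v):
    """Turn '4.17.15' into (4, 17, 15). Leading digits of each dotted piece
    are used; a non-numeric piece ('rc1', 'x') counts as 0. Pads to 3 parts."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def purl_type(purl):
    """'pkg:npm/lodash@4.17.15' -> 'npm'. The ecosystem matters: a package
    called lodash on PyPI is not the npm package named in the advisory."""
    if not purl or not purl.startswith("pkg:"):
        return None
    return purl[len("pkg:"):].split("/", 1)[0]


def find_affected(sbom_json, ecosystem, name, fixed_in, introduced="0.0.0"):
    """Return [(name, version, purl)] for components in `ecosystem` named
    `name` whose version satisfies introduced <= version < fixed_in."""
    sbom = json.loads(sbom_json)
    lo, hi = parse_version(introduced), parse_version(fixed_in)
    hits = []
    for comp in sbom.get("components", []):
        if comp.get("name") != name:
            continue
        if purl_type(comp.get("purl")) != ecosystem:
            continue
        ver = parse_version(comp.get("version", "0"))
        if lo <= ver < hi:
            hits.append((comp["name"], comp["version"], comp.get("purl")))
    return hits


if __name__ == "__main__":
    # Hypothetical advisory: npm lodash versions below 4.18.0 are affected.
    app = json.loads(SBOM_JSON)["metadata"]["component"]["name"]
    for comp_name, version, purl in find_affected(SBOM_JSON, "npm", "lodash", "4.18.0"):
        print(f"{app}: AT RISK via {comp_name} {version} ({purl})")
```

Run against a directory of SBOMs, one per deployed application, the same check answers the excerpt's question for the whole estate in seconds; without SBOMs the same triage means opening every repository's lock file by hand. The version comparison is deliberately simple; real semver ranges (pre-release tags, caret and tilde constraints) need a proper library.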