September 6, 2024 at 10:05AM Summary: Protecting critical infrastructure from state-sponsored cyber threats, such as Volt Typhoon, is crucial for public safety and national security. Transparency, information sharing, and strong partnerships between public and private sectors are essential for combating these threats. Utilizing software bills of materials and observability can help enhance cybersecurity efforts and … Read more
September 3, 2024 at 10:07AM Summary: Software supply chain attacks pose significant challenges to the DevSecOps community, emphasizing the need for improved resilience. Key components include visibility, governance, and continuous deployment. Organizations should focus on understanding their environments in real-time, implementing good governance, and continuously testing and monitoring for vulnerabilities to strengthen their security posture. … Read more
July 23, 2024 at 10:07AM The SBOM, originally created by NTIA, has transitioned from niche to mandatory for federal agencies and security teams due to the rise in supply chain attacks. However, the current fragmented implementation is hindering its effectiveness. The need for a unified, comprehensive format is crucial to enhance software supply chain security … Read more
July 10, 2024 at 08:09AM The “2024 Attack Intelligence Report” from Rapid7 reveals that zero-day vulnerabilities were widely exploited in 2023 and 2024, leading to mass compromise events. As IoT firmware is predominantly comprised of vulnerable open-source components, patching alone is insufficient. Isolated partitioning at the task level is proposed as a more effective solution … Read more
June 26, 2024 at 06:57AM Software-producing organizations are facing increasing regulatory and legal pressure to secure their supply chains and protect their software integrity. The software supply chain has become a prime target for attackers, as seen in the Log4j breach. To address these security challenges, organizations should consider various measures, including governing the software … Read more
June 12, 2024 at 03:30PM Starting June 11, US government contractors must submit a Secure Software Development Attestation Form, confirming adherence to secure-by-design principles and scrutiny of software components through software bills of material (SBOMs). Only 20% of respondents are prepared for this federal cybersecurity attestation, with 16% incorporating SBOMs into their software development. Other … Read more
June 5, 2024 at 04:00PM Karamba Security announced that BYD, a major EV manufacturer, has adopted its VCode software to create a Software Bill of Materials (SBOM) for electronic control units, enhance supply-chain security, and meet cybersecurity regulation UN R155. The tool aims to help manufacturers identify and address cybersecurity issues before production and comply … Read more
March 8, 2024 at 04:58PM CISO Corner is the Dark Reading weekly digest tailored for security operations and leadership. It provides diverse perspectives on cybersecurity strategies, including NSA’s guidelines for zero-trust security, using randomness for encryption, creating software bill of materials for electric substations, CEO support for CISOs, managing open source security, DMARC deployment in … Read more
March 6, 2024 at 08:03AM Southern Company undertook a project to create a software bill of materials (SBOM) for its Mississippi substation, involving inventorying hardware, software, and firmware, and gathering supply-chain information from 17 vendors. The process included challenges such as limited vendor cooperation and outdated SBOMs upon receipt. The project highlighted the importance of … Read more
February 26, 2024 at 05:25PM Summary: CISA, NSA, and FBI warn of U.S. critical infrastructure attacks by “Volt Typhoon,” linked to CCP. Fortress Information Security partners with power companies to mitigate exposure, offering File Integrity Assurance (FIA) for compliance with CIP standards. Research reveals high likelihood of vulnerabilities in software from Russia or China, emphasizing … Read more