
The Gigabyte firmware backdoor: Lessons learned about supply chain security
Firmware attacks can pose a substantial risk to the software supply chain. Here's what your software security team can learn from the latest compromise.

Freelance technology writer. John's work has appeared in The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
find John P. Mello Jr. on:

Nvidia's tool is among the first to promise to manage the risk from generative AI. Here's what it can do — and an analysis of the scope of risk from AI.

The cost of attacks on software supply chains could exceed $80.6B by 2026, a 76% increase over the $45.8B expected in 2023, a market research firm finds.

OpenSSF's updated framework is an essential tool for dev teams, but experts say it's incomplete as a supply chain security solution.

Here's what experts say about the CISA initiative's potential impact on software supply chain security — and security operations.

Here's what the Open Software Supply Chain Attack Reference (OSC&R) framework move means in the short run — and long term.

CPGs are now better aligned with NIST's Cybersecurity Framework (CSF), and supply chain goals have been added. MFA guidance is also new.

The vulnerabilities left the door open to malicious plug-in updates. Here's what you need to know.
While best practices adoption for AppSec is up, many supply chain security problems remain, the OpenSSF SLSA framework survey shows.