New supply chain mandates: Uncle Sam wants you (to secure your software)!
Here are the key elements of Executive Order 14028, and software supply chain security guidance from the Enduring Security Framework working group.
Paul Roberts
Director of Content and Editorial at RL. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cybersecurity space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cyber security has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show.
Posts from Paul Roberts
New supply chain mandates: Uncle Sam wants you (to secure your software)!
National Cyber Director: Higher bar for software supply chain security is key to cyber resilience
Chris Inglis said the government is setting a new bar for supply chain security as the national cybersecurity focus shifts from incident response to cyber resilience.
SBOMs are coming for medical devices. Prof. Kevin Fu explains what to expect
The medical device sector is under pressure to improve software supply chain security, and software bills of materials (SBOMs) are front and center. ReversingLabs talks with Professor Kevin Fu of the Archimedes Center at University of Michigan about what to expect.
Gaps in the NVD increase U.S. cyber threat
Discrepancies in reports to the national vulnerability databases (NVD) show the U.S. lags behind China, exposing U.S. firms to cyber attacks.
The pandemic turned out to be a boon for public-private cybersecurity cooperation
The shift to remote work punched holes in government networks. But it also fostered a transformation in public-private cooperation, one NSA official noted at LABScon.
ConversingLabs: Unpacking the Follina exploit
In our latest episode of the ConversingLabs podcast, host Paul Roberts interviews ReversingLabs researcher Joseph Edwards about his analysis of Follina, a newly discovered exploit with a pretty name, but nasty intentions.
Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world
New federal guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. A software bill of materials (SBOM) is central. Here are four key takeaways.
To secure your CI/CD pipelines, round up the usual suspects
A presentation at the Black Hat Briefings in Las Vegas dug into the “how” of CI/CD compromises. As it turns out, many of the culprits will be familiar to security teams.
Software supply chain security takes center stage at Black Hat 2022
software-supply-chain-security-takes-center-stage-at-black-hat-2022