ConversingLabs

ConversingLabs - Episode 6
Season 1, EP 6

Robert Martin of MITRE on Supply Chain System of Trust

June, 2022 | Paul Roberts

MITRE, the non-profit corporation, has been instrumental in developing systems to help with issues related to software assurance. That includes the development of CVEs (Common Vulnerabilities and Exposures) and CWEs (Common Weakness Enumeration) not to mention the ATT&CK taxonomy of adversarial methods.

Now MITRE is taking things further and “stepping up into the organization” to focus on supply chain risk, according to Robert Martin, a Senior Principal Engineer at MITRE. COVID has highlighted supply chain risks - whether its availability, counterfeit products or - of course - cyber risk, he said. But solving supply chain problems is not simply a job for the IT group, but something that needs to be driven from the very top echelons of an organization.

His organization published a framework in early 2021 called the System of Trust (sot.mitre.org), which provides a framework for supply chain security risk assessments that is customizable, evidence-based, scalable and repeatable. Once implemented, the SoT will give organizations within the supply chain confidence in each other as well as different service offerings and supplies.

Martin sat down with ConversingLabs host Paul Roberts on the sidelines of the RSA Conference in early June.

In this conversation, he talks about how the software supply chain is highly complicated, due to an increasing number of things in society becoming cyber-enabled.

Martin explained how software is not written neatly end to end, but rather is built with drivers, dependencies, and frameworks that give the supply chain depth and magnitude. If software practitioners are not given visibility into this complicated picture, they will miss the software supply chain risks that pose a threat to their organizations.The SoT’s goal is to promote transparency, allowing developers to see all of the players in the supply chain.

Check out the full conversation with Martin below!

Paul Roberts

About Author: Paul Roberts

Cyber Content Lead at ReversingLabs. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cyber security space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cyber security has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show. You can find Paul online on Twitter (@paulfroberts and on LinkedIn).

Subscribe

Sign up now to receive the latest
notifications and updates from
ConversingLabs.

Get Started
Request a DEMO

Learn more about how ReversingLabs can help your company.

REQUEST A DEMO