President Biden’s Executive Order includes a provision that would require software vendors selling to the federal government to maintain a Software Bill of Materials (SBOM). Unfortunately, it’s not that simple.
12-Year-Old Router Vulnerability Discovered Affecting Millions of Devices Exposing Serious Supply Chain Risks
Hackers are exploiting a 12-year-old router vulnerability existing in the Arcadyan firmware, potentially affecting millions of devices on home and corporate networks, and exposing serious supply chain risks.
Biden Administration Signals Dramatic Shift in Focus To Confront Cyber Concerns in Government Contracting
While the Executive Order primarily focuses on concrete steps the federal government must take to adopt cybersecurity best practices, there are several provisions that will also significantly impact government contractors, subcontractors and other private sector entities.
As malicious actors increasingly zero in on supply chain attacks, both third-party solutions providers and end users must make a more concentrated effort to shift to a ‘validation before implementation’ model.
Corporate boards are increasingly concentrating on cybersecurity issues. Here’s how to ensure they focus on third-party risk, too.
While there was no unauthorized access to user accounts in the third-party breach, Dave’s users can expect phishing and identity fraud scams based on the information that was breached.
Supply chain security is becoming an increasing concern during the COVID-19 outbreak as new opportunities are provided to cyber criminals seeking to exploit vulnerabilities.
New Vendor Cyber Security Certification Set to Improve Pentagon Supply Chain Security, but the Price May Sting Smaller Vendors
With tens of thousands of contractors serving the Defense Department, the new vendor cyber security certificate aims to improve supply chain security by assessing contractors before allowing them to bid.
Supply chain security is a hot issue for enterprises as third-party data breaches increase. A recent (ISC)² study indicates these breaches are more likely the fault of a large enterprise partner than a small one.