The new bill, the DHS Software Supply Chain Risk Management Act of 2021 (H.R. 4611), aims to secure the supply chains behind Department of Homeland Security software contracts by requiring a new certification from contractors.
On-premises infrastructure has long been considered safer and easier to secure than its cloud counterpart. A rise in cyberattacks against on-premises systems is challenging that assumption.
Instead of disrupting development with gates, organizations can implement a security champions program to build security guardrails into development. Here are five considerations for implementing an effective security champions program.
Software as a service (SaaS) has taken over, and the average enterprise now uses hundreds of distinct SaaS applications to accelerate its digital transformation and business velocity. However, while SaaS has delivered on its growth-enabling potential, most organizations have lost their grip on how it is consumed and used. IT and security teams can no longer rely on network or endpoint controls to govern application access.
Tim Danks, Huawei VP of Risk Management, discusses his thoughts on cybersecurity and the great need for global collaboration to build cyber risk management standards across the world.
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.
To help software vendors and customers defend against software supply chain attacks, CISA and the National Institute of Standards and Technology (NIST) have released Defending Against Software Supply Chain Attacks. This new interagency resource provides an overview of software supply chain risks and recommendations for addressing them. The publication also provides guidance on using NIST's Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate those risks.
In their new round of Internet Cyber-Exposure Reports (ICERs), researchers at Rapid7 evaluated five areas of cybersecurity that are both critical to secure for continuing to do business on and across the internet, and squarely within the power of CISOs, their IT security staffs, and their internal business partners to address. These five facets of internet-facing cyber-exposure and risk include: