In an increasingly digital world, cybersecurity has become a critical concern for companies. With the rise of sophisticated cyber threats, protecting critical infrastructure and ensuring the continuity of essential services has become a top priority. The EU’s Network and Information Security Directive (NIS2), which supersedes the previous directive from 2016, establishes a framework to enhance the security and resilience of network and information systems.

‍Security is at the heart of what we do at Vanta—helping our customers improve their security and compliance posture starts with our own. Our team’s mission is to ensure that Vanta is a trusted and trustworthy steward of customer data. ‍ At Vanta, we believe that nurturing and scaling our security culture is one of the most powerful ways to achieve our mission. We define security culture as the norms, behaviors, and attitudes around security.

Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month.

You don’t need us to tell you that open source software is becoming a very significant percentage of commercial software codebases. Open source components are free, stable, and enable you to focus your resources on the innovative and differentiated aspects of your work. But as the use of open source components increases, compliance with open source licenses has become a complex project of growing importance. So how can you stay on top of compliance and what tools are out there to help?

The U.S. Securities and Exchange Commission (SEC) recently announced a ruling aimed at enhancing public companies’ cybersecurity risk management, strategy, governance and incident disclosure. To sum it up, companies must report cyberattacks within four days of determining an incident is “material” and divulge details about their cybersecurity programs annually.