Supply Chain

The Supply Chain Needs Better Cybersecurity and Risk Management

The supply chain is under a historic amount of pressure, but the strain on its cybersecurity and risk management may be in even worse condition. As 2021 draws to a close, the global supply chain is in a state comparable to rush-hour traffic in bad weather. Everything seems to be backed up whether due to supply and demand issues, wait times at shipping ports, or any number of other delays.

How Vulnerability Management Secures Supply Chain and Production in Manufacturing

Manufacturing is one of those industries that seems like a natural fit for vulnerability management, in part because these companies can be such easy targets for cyber criminals. Manufacturers in many cases operate far-flung, global facilities including factories, warehouses, and other distribution points. Increasingly, these different facilities are connected as companies look to modernize their operations through digital transformation.

Don't Let Supply Chain Attacks Get the Best of You

The past two years have brought about significant disruptions to global supply chains. Recent headlines have focused on labor shortages and their impact on everything from product production to shipping delays. However, another, more significant supply chain issue should be top of mind for every organization: supply chain attacks.

SCA Should Be in Your Toolbox to Address Supply Chain Risk

Software composition analysis (SCA) tools provide automated visibility throughout the software development life cycle (SDLC) for more efficient risk management, security, and license compliance. As organizations accelerate their digital initiatives, they rely on development teams both internally and externally to build the applications that will help them move forward. But applications are also a popular target for criminals.

FTC highlights the importance of securing Log4j and software supply chain

Earlier this week, the FTC issued a warning to companies regarding the Log4j vulnerability. Given the rampant exploitation of the recently discovered vulnerabilities in this ubiquitous open source logging package, it’s encouraging to see the agency take this rare step, beginning to form a firm stance on software supply chain security. Although this increased scrutiny from the FTC may at first seem daunting, violations can be remediated with the right practices.

Automotive Industry Glance

Subscriptions-based services are a reality we all are getting used to; most people no longer buy physical media for example, opting to use streaming services for movies and music. This has numerous advantages like letting us explore new artists and genres without additional costs and commitment. Yet, while best known for its implementation in the digital world, subscription payment models are slowly but surely being adopted by more and more industries.

How to cyber security: Software supply chain risk management

Effective software supply chain risk management requires security measures throughout the entire supply chain. Risk management is a well-understood part of business. Personified, risk management would be a dusty, gray man with a gray beard who asks questions that make you uncomfortable. Risk management is about understanding threats to your business and figuring out how you will deal with them.

Q3 2021 Threat Landscape Ransomware in the Supply Chain

In a pattern of continued growth across the third quarter of 2021, ransomware remains the dominant threat type, more than doubling since 2021 Q1, fuelled by an exponential increase in the initial access broker marketplace. Incidents of unauthorized access and the risk of insider threats also increased, but to a far lesser extent, accounting for roughly 20% of incidents in the same period.

AppSec Decoded: A proactive approach to building trust in your software supply chain | Synopsys

In this episode of AppSec Decoded featuring Sammy Migues, principal scientist at Synopsys and coauthor of the BSIMM report, and Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center (CyRC), we discuss why the software supply chain is an inviting target for hackers and how companies can implement a proactive approach to software supply chain security with security activities that won’t slow down innovation.