Most software depends on third-party components (libraries, executables, or source code), but there is very little visibility into this software supply chain. It is common for software to contain numerous third-party components that have not been sufficiently identified or recorded. Software vulnerabilities are both the byproduct of the human process of
Topic: Cyber Supply Chain
In this video we will examine Cybersecurity Supply Chain Risk Management (C-SCRM) and mitigation tactics using cybersecurity risk design strategies to strengthen SCRM efforts for organizations directly involved in the delivery of products, services, and solutions to the Federal government and all other tiers of the global supply chain.
The Defense Department has been failing to take into account the potential security risks of buying commercial off-the-shelf (COTS) technology items such as laptops, security cameras, software and networking equipment, according to the office of the Pentagon Inspector General.
Google confirmed that cyberthieves had managed to pre-install malware into the Android framework backdoor. In short, the malware appeared to be blessed by Google at the deepest point within Android.
The federal government wants to hold defense contractors accountable for the cybersecurity of their supply chains but that's no easy feat, experts said Tuesday.
Hackers are shifting their tactics away from traditional phishing and ransomware attacks, and moving toward stealthier intrusions via websites and the software supply chain, according to a recent report.
The military supply chain is vast, multifaceted, and riddled with potential cyber vulnerabilities.
Historically, an organization developed a Cybersecurity program to achieve compliance. It has been our experience that organizations which achieve full compliance cannot continue to operate because of strict Compliance requirements and the lack of a functional Cybersecurity program. The lack of a functional Cybersecurity program enables methodologies found
The massive size of the WordPress plugins ecosystem is starting to show signs of rot, as yet another incident has been reported involving the sale of old abandoned plugins to new authors who immediately proceed to add a backdoor to the original code.
Software assurance (SwA) is the “level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, throughout the life cycle.” The latest change to Department of Defense (DoD) Instruction (DoDI) 5000.02, Operation of the Defense Acquisition System