News and analysis for the well-informed compliance or audit exec.
By Adrianne Appel, 2023-02-15T21:02:00
Cyberattacks on software are increasing, and the best chance organizations have of protecting themselves is to know about potential vulnerabilities through a software bill of materials (SBOM), according to a senior adviser and strategist at the Cybersecurity and Infrastructure Security Agency.
Computer software is in everything from cars to manufacturing equipment, but unlike metal parts, barrels of liquids, or other items used in production, we often know nothing about who created the software and its history. This has created huge risk for organizations, said Allan Friedman during his keynote address at Day 1 of Compliance Week’s virtual Cyber Risk & Data Privacy Summit on Wednesday.
“The security of software has gotten better” over time, but software is created by humans and humans make mistakes, Friedman said. “The starting point is transparency.”