Cybersecurity, Privacy, & AI

In the Wake of SolarWinds Compromise, CISA and NIST Issue Guidance for Preventing, Defending, and Mitigating Software Supply Chain Attacks

The Cybersecurity & Infrastructure Security Agency and the National Institute of Standards and Technology have jointly published a new resource as part of their ongoing efforts to promote awareness of – and help organizations defend against – supply chain risks. The publication, Defending Against Software Supply Chain Attacks, provides recommendations for software customers and vendors as well as key steps for preventing, mitigating, and building resilience against software supply chain attacks. The resource highlights three common, and not mutually exclusive, software supply chain attack techniques: hijacking updates, undermining code signing, and compromising open-source code.
