Vendor risk must be a core part of every company’s cybersecurity program, but it is hard. Especially when the company is a tech company, developing software that you use. The term Minimum Viable Product or MVP is a term marketing folks have used for years to describe creating a version 1 product that has the […]
Continue reading → [DISPLAY_ACURAX_ICONS]59% of cybersecurity executives at large and medium organizations say that they have LOST business due to product security concerns for connected and embedded devices. 45% say that customers want detailed information about what is in their devices, but only 11% of companies have high confidence that they can do that, even if they want […]
Continue reading → [DISPLAY_ACURAX_ICONS]While the details of this are interesting, what is more important is thinking about all of the contracts that you sign. This is a legal battle that goes back several years. In one corner is Fiserv, the Fortune 200 +/- financial services software behemouth. In the other corner is Bessemer System Federal Credit Union, a […]
Continue reading → [DISPLAY_ACURAX_ICONS]I have been talking a lot about supply chain risk lately and there is a good reason. From open source products with backdoors like Webmin or Rubygems to NotPetya a few years ago which shut down many companies around the world to the recent attacks against SolarWinds or Centreon, supply chain attacks are running rampant. […]
Continue reading → [DISPLAY_ACURAX_ICONS]I have been ranting about Software Bills of Material or SBoM for a while. This week I have two examples of why this is important – even critical. The first story is about a TCP/IP network stack and the vulnerability is called Amnesia:33. It impacts four open source libraries – uIP, FNET, picoTCP and Nut/Net. […]
Continue reading → [DISPLAY_ACURAX_ICONS]France Says it is Going Ahead with Digital Tax France has been complaining that U.S. companies (mostly) have not been paying their fair share of French taxes since they are not selling widgets that delivered in France, so they came up with this digital tax, a 3% tax on digital services delivered in France. They […]
Continue reading → [DISPLAY_ACURAX_ICONS]