A Deeper Dive into VEX Documents

 

At the end of last summer, I wrote a blog post explaining the merits of Vulnerability Exploitability eXchange (VEX) documents. Almost 8 months later, I stand by the importance of these documents when it comes to efficient management of vulnerabilities. With our CTO, Eric Byres, presenting on this very topic at S4x22, it seems like a good time to come back to VEX documents and dig into what they actually look like.


How Russia Might Come After the West

 

The DDoS attack surge that began last week against Ukrainian government agencies and banks was a bad sign. I was actually preparing a post and wondering if it was appropriate to call out Russia as, at that point, there was no formal attribution.

But c’mon. 


Log4j: Panic or Lesson? | How to Protect Deployed Assets

 

Cleaning up the Mess will Take a Methodical Approach

Nearly every week the cybersecurity community buzzes around a newly discovered vulnerability or a breach. December’s alert for the CVE-2021-4428 vulnerability in Apache Foundation’s Log4j software is no different. Also known as the Log4Shell vulnerability, it is present within the log4j-core library commonly used for logging in Java applications. These applications are widely deployed in a huge...


Sorry Blackberry: You Are Part of the Supply Chain

Today, reporters Betsy Woodruff Swan and Eric Geller at Politico published a story: “BlackBerry resisted announcing major flaw in software powering cars, hospital equipment.” They outline how BlackBerry willfully hid the fact that their key operating system QNX contained a collection of vulnerabilities (originally discovered and named BadAlloc by Microsoft). It seems other companies affected by BadAlloc announced the issue way back in May. Not so...


What is VEX and What Does it Have to Do with SBOMs?

Recently, we have been fielding many inquiries here at aDolus regarding “VEX.” If you are not familiar with this mysterious abbreviation, you’ve fortunately landed in the right place. This blog post explains what VEX is and the crucial role VEX plays within the Software Bill of Material (SBOM) space.


NTIA Publishes Minimum Components of an SBOM

In today’s blog post I’d like to recognize all the hard work done by NTIA (National Telecommunications and Information Administration) and congratulate them on publishing the minimum elements for a Software Bill of Materials… more commonly referred to as an SBOM. In particular, I’d like to give a shout-out to Allan Friedman who has been championing the SBOM cause for some time now. It’s good to see his committed effort captured in this comprehensive...


Kaseya Supply Chain Attack on SMBs

Last week I participated in a panel discussion on the Executive Order’s Impact On Embedded Device Security hosted by ISSSource.com. I signed off with a comment about my biggest worry: someone will combine professional ransomware with a software supply chain attack to create a truly massive ransomware attack.


aDolus Welcomes Mark Weatherford to Board

Cybersecurity veteran tapped to accelerate growth of ICS supply chain security leader

VICTORIA, BC, CANADA, June 23 -- aDolus Technology Inc., a global authority on software intelligence for critical infrastructure, today announced the appointment of Mark Weatherford to its Board of Directors.


Rod Campbell Joins aDolus as CEO

Seasoned financial and advisory executive to drive growth

VICTORIA, BC, CANADA, June 15, 2021 /EINPresswire.com/ -- aDolus Technology Inc., a global authority on software intelligence for critical infrastructure, today announced the addition of Rod Campbell as CEO.


Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 4

Section 3 - Less Fog, More Cloud

Section 3: Modernizing Federal Government Cybersecurity of the Executive Order is all about government agencies moving to the cloud and doing it right. If you are someone who believes that the cloud has absolutely no place in the industrial control systems (ICS) world, you are going to hate this section.
