NTIA Publishes Minimum Components of an SBOM

In today’s blog post I’d like to recognize all the hard work done by NTIA (National Telecommunications and Information Administration) and congratulate them on publishing the minimum elements for a Software Bill of Materials… more commonly referred to as an SBOM. In particular, I’d like to give a shout-out to Allan Friedman who has been championing the SBOM cause for some time now. It’s good to see his committed effort captured in this...

Read More

Podcast: Where Do Your Bits Really Come From?

Earlier this year I attended the Public Safety Canada Industrial Control System Security symposium in Charlottetown, PEI (FYI the PSC ICS events are outstanding - worth attending, even if you are not Canadian). While there, I had a chance to meet with an old friend, Andrew Ginter, Vice President of Industrial Security at Waterfall Security Solutions. We chatted about an issue I’ve been interested in – or, dare I say, obsessed with – for a while...

Read More

Who Infected Schneider Electrics’ Thumbdrive?

 

On 24 August 2018 Schneider Electric issued a security notification alerting users that the Communications and Battery Monitoring devices for their Conext Solar Energy Monitoring Systems  were shipped with malware-infected USB drives.

Read More