Evolving Threats and Regulations in Software Supply Chain Security
13 min read
Evolving Threats and Regulations in Software Supply Chain Security
By Eric Byres on February 13, 2024

2023 is in the rearview mirror and 2024 is now well underway. I wanted to post my thoughts on some of the software supply chain trends we saw last year and how they will continue to shape...

Continue Reading
An Analysis of Generative AI: How to Be Confidently Wrong
7 min read
An Analysis of Generative AI: How to Be Confidently Wrong
By Marcello Delcaro on April 11, 2023

The recent release of the National Cybersecurity Strategy document by the White House prompted me to test Microsoft's new Bing chat feature, which is powered by OpenAI's language model,...

Continue Reading
Three Quick Takeaways from Biden’s National Cybersecurity Strategy
2 min read
Three Quick Takeaways from Biden’s National Cybersecurity Strategy
By Eric Byres on March 2, 2023

NOTE: We were going to publish our second blog of the S4x23 SBOM Challenge today. However, the new National Cybersecurity Strategy was released this morning, and we thought that...

Continue Reading
A Flurry of Regulatory Action and the Need for SBOMs
5 min read
A Flurry of Regulatory Action and the Need for SBOMs
By Eric Byres on October 12, 2022

Executive Order 14028 on Improving the Nation's Cybersecurity was issued in May of 2021 and provided a roadmap for a series of regulatory initiatives that government agencies (and anyone...

Continue Reading
Sorry Blackberry: You Are Part of the Supply Chain
2 min read
Sorry Blackberry: You Are Part of the Supply Chain
By Eric Byres on November 2, 2021

Today, reporters Betsy Woodruff Swan and Eric Geller at Politico published a story: “BlackBerry resisted announcing major flaw in software powering cars, hospital equipment.” They outline...

Continue Reading
Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 4
5 min read
Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 4
By Eric Byres on May 26, 2021

Section 3 - Less Fog, More Cloud Section 3: Modernizing Federal Government Cybersecurity of the Executive Order is all about government agencies moving to the cloud and doing it right. If...

Continue Reading
Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 3
3 min read
Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 3
By Eric Byres on May 21, 2021

So you don’t sell to the Feds… Today’s blog is going to take a break from analyzing a specific section of the Executive Order on Improving the Nation’s Cybersecurity and focus on who will...

Continue Reading
Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 2
3 min read
Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 2
By Eric Byres on May 18, 2021

Removing Barriers to Sharing Threat Information On Friday we dissected Section 4: Enhancing Software Supply Chain Security of the new Executive Order on Improving the Nation’s Cybersecurity...

Continue Reading
Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 1
4 min read
Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 1
By Eric Byres on May 14, 2021

Late Wednesday night President Biden signed the Executive Order on Improving the Nation’s Cybersecurity. Compared to any Executive Order (EO) I’ve seen, this is a massive and complex...

Continue Reading
3 Month Reprieve for Utilities on Cybersecurity Supply Chain Standards
3 min read
3 Month Reprieve for Utilities on Cybersecurity Supply Chain Standards
By Eric Byres on April 21, 2020

Earlier this month, as the coronavirus accelerated its alarming sprint across North America, NERC requested that FERC defer a number of looming deadlines for Reliability Standards....

Continue Reading
Loading more posts
No more posts to load
1

Stay up to date