Please note: This is being updated in real-time. The intent is to make sense of lots of simultaneous discoveries| boehs.org
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global Internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an u...| Schneier on Security
Open-source software (OSS) sits at the center of almost every digital technology moving the world since the early 1980s—laptops, cellphones, widespread internet connectivity, cloud computing, social media, automation, all the rainbow flavors of e-commerce, and even secure communications and anti-censorship tools.| Atlantic Council
The private sector’s risk from software supply chain compromises continues to grow. Feature-rich software is enlarging the potential attack surface| Atlantic Council
The recent cybersecurity catastrophe that wasn’t reveals an untenable situation, one being exploited by malicious actors.| Default
A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. An SBOM is a nested inventory, a list of ingredients that make up software components. While not a brand new concept, the ideas and implementation have advanced since 2018 through a number of collaborative community effort, including National Telecommunications and Information Administration’s (NTIA) multistakeholder process. | Cybersecurity and Infrastructure Security Agency CISA
