Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global Internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an u...| Schneier on Security
The private sector’s risk from software supply chain compromises continues to grow. Feature-rich software is enlarging the potential attack surface| Atlantic Council
The recent cybersecurity catastrophe that wasn’t reveals an untenable situation, one being exploited by malicious actors.| Default