The Information Security Forum (ISF) announced the launch of ISF Aligned Tools Suite 2020, bringing together 14 ISF tools and cross reference aids, including a rebuilt Benchmark platform and the new IRAM2 WebApp. Aligned to the latest version of the Standard of Good Practice for Information Security 2020 (SOGP 2020), the suite – which also includes Security Healthcheck, Supply Chain accelerator tools and SOGP 2020 cross-references – helps ISF Members demonstrate compliance with international standards and assure security across their external suppliers.
StackRox released the findings of the State of Containers and Kubernetes Security Report, Fall 2020. Security incidents remain high (90 percent), and nearly half of respondents have delayed rolling out applications into production because of security concerns (44 percent). At the same time, organizations have progressed in developing DevSecOps initiatives (83 percent have some form in place) and in maturing their container and Kubernetes security strategies (only 25 percent lack a strategy).
Until March, there was a consistent narrative about supply chains and technology. Digitization had, gradually, come some way in the world of logistics. Manufacturers, shipping companies, and retailers — and the many other firms with solutions that represent the connective tissue between them — had been steadily integrating hardware and software technologies that leverage the internet (both “of things” and not).
There is hope in these uncertain times: with the right planning and execution, businesses can bounce back from what's quickly becoming a global recession and return to good health. It takes the right strategy, a flexible approach and a desire to achieve organizational resilience.
Risk Ledger, London-based cybersecurity company, part of the UK's Government's LORCA program, has produced a white paper designed to guide professionals who manage supply chain risks on how to tackle the situation.
The Linux Foundation’s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH), announced the release of ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.`
As we enter the new year, conversations within the security community often inevitably deal with issues and programs that will be of greatest concern to leadership in the coming months.
Citing the vital need for a secure U.S. industrial base, U.S. Senators Mike Crapo (R-Idaho) and Mark Warner (D-Virginia) have introduced bipartisan legislation to guard against attempts by China and others to undermine U.S. national security by exploiting and penetrating U.S. supply chains.
