- Dec 5, 2020 3:40 pm GMT
This December 2nd report from GitHub contains some insights that should give utility companies good reasons to implement software supply chain risk assessment controls based on industry best practices following the NIST Cybersecurity Framework. Here are a few of the valuable insights available in this report:
- It can take an average of over four years for vulnerabilities in open source software to be spotted
- GitHub tallied over 56 million developers on the platform, with over 60 million new repositories being created -- and over 1.9 billion contributions added -- over the course of the year.
- You would be hard-pressed to find a scenario where your data does not pass through at least one open source component
- Many of the services and technology we all rely on, from banking to healthcare, also rely on open source software. The artifacts of open source code serve as critical infrastructure for much of the global economy, making the security of open source software mission-critical to the world
- On average, vulnerabilities can go undetected for over four years in open source projects before disclosure. A fix is then usually available in just over a month,
- The open source community now plays a key role in the development of software, but as with any other industry, vulnerabilities are going to exist
- Using automated alerting and patching tools to secure software quickly means attack surfaces are evolving, making it harder for attackers to exploit.
Energy Central hosted a PowerSession on August 12, 2020 presenting best practices for software supply chain risk assessments for NERC CIP-010-3 software verification controls, which is available on demand here: https://energycentral.com/o/energy-central/demand-energy-central-powersession-series-cybersecurity-us-power-grid-software