- Aug 26, 2021 4:23 pm GMT
It's important to understand that the software supply chain consists of two distinct phases, that must be secured:
- Software Development Life Cycle (SDLC) supply chain activities, performed by a software vendor
- Cyber Supply Chain Risk Management (C-SCRM) activities, performed by software consumers
The activities performed during each phase are distinctly different and the evidence data produced during each phase is also very different.
Next Tuesday, 8/31, I will be presenting an overview of phase 2 activities, performed by software consumers, to NPCC TFIST, describing best practices to perform software verification for NERC CIP-010-3 requirements.
The software supply chain is, perhaps, our weakest link, when it comes to securing our digital ecosystems across critical infrastructure. These steps taken by the Biden Administration, and the industry leaders that committed to improving protections against cyber threats, is the first step in a long journey - that we must take to stop ransomware and other harmful software from being installed. We cannot secure the software supply chain without the combination of SBOM's and commercially available C-SCRM solutions that process SBOM's.
REMINDER: The Linux Foundation is hosting an SBOM test-bed called DocFest on September 16th to ensure interoperable SBOM's are available across critical infrastructure - please encourage your software vendors to participate in this important industry cause.
Never trust software, always verify and report!™
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.