- Dec 16, 2021 3:28 pm GMT
Just what we needed on the heels of the Log4j vulnerability, another remote code execution (RCE) vulnerability - see link below.
It feels like we are drowning in vulnerabilities and the life rafts are scarce. The energy industry could benefit greatly by following the advice of EEI and require software vendors to provide SBOM's as apart of the procurement contract negotiations. Once an SBOM is in hand a software customer can follow the NATF Security Assessment Model and NIST SP 800-161 R2 Appendix F guidelines for supply chain risk assessment best practices using SBOM, see this Energy Central article for details.
Never trust software, always verify and report!™
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.