The US National Security Agency and CISA have published a set of guidelines to help secure systems from access- and identity-based threats. Here’s what to look for in this wide-ranging document.
An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safe
The U.S. NSA, CISA and ODNI created the Securing the Software Supply Chain guide to focus on the software development lifecycle.
The OCSF looks to standardize and normalize the data that cybersecurity tools generate with the goal of making them work better together.
Every stakeholder, from the CISO to even the red team, wants the blue team to succeed against simulated cyberattacks. Sticking to this advice will help make that happen.
VEX adds context to software vulnerabilities to better inform risk assessment decisions.
Understanding the differences between these widely used software bill of materials (SBOM) format standards is important, but your tools will likely need to support both.
Scorecards automatically generates a score for open-source projects based on potential vulnerabilities and dependencies.