Securing the Software Supply Chain from Process Risks – Homeland Security Today


Government agencies are rethinking the ways they approach risk management, especially when it comes to protecting the software supply chain.

As with cybersecurity mitigations and controls, cyber risks are typically introduced via three categories: people, processes, and technologies. Risks associated with people and technologies are well known and manifest as phishing emails, social engineering, or software vulnerabilities and the introduction of malicious code onto a system. But what about risks introduced by poor or incomplete processes – for example, a patch that is not applied quickly enough, unpatched or vulnerable third-party and open-source software components, or insecure software development practices? Attackers are increasingly exploiting these process gaps to infiltrate software delivery supply chains.

Let’s take a deeper look at process risks.

Process Risks Open the Door for Attacks That Target Loopholes in Software Development and Delivery 

Until recently, process security focused on two things: IT processes, such as vulnerability management or applying patches to minimize windows of exposure, and secure software development practices. But we’ve recently seen a rise…
