Supply Chain Council of European Union | Scceu.org
News

AppSec Decoded: The NIST guidance on supply chain risk management

In this episode, we discuss how organizations can address the new supply chain risk management guidance from NIST.

AppSec/API Security 2022

President Biden’s May 2021 “Executive Order on Improving the Nation’s Cybersecurity” was, at 34 pages, unusually long for a presidential executive order. That’s in large part because it addressed a lot of topics.

But just one of those topics—securing the software supply chain—produced guidance on cybersecurity supply chain risk management from the National Institute of Standards and Technology that was nearly 10 times as long, at 326 pages.

The guidance goes into exhaustive depth and detail, but Tim Mackey, principal security strategist within the Synopsys Cybersecurity Research Center, read the whole thing and even annotated it.

In this first of two episodes of AppSec Decoded, recorded live at RSA 2022 in San Francisco, Mackey and Taylor Armerding, security advocate at Synopsys, discuss the overall focus of that guidance: How to build processes and programs around risk-based principles. That means setting priorities to fix what are the greatest risks to an organization and understanding that a software risk is a business risk.

Stay on top of the latest news in application security

Subscribe to the blog

Related posts

Supply Chain Issues Put Carmack Preemption In Spotlight

scceu

A third of programmatic supply chain costs ‘unattributable’, landmark study finds

scceu

Remittance & Money Transfer Software Supply Chain 2019 in Global Market – Remitly, Vayupay, BitExchange, ControlBox, Currency Remit App – Financial Sector

scceu