Measuring Cyber Risk in Your Digital Supply Chain

Although there’s some disagreement over when agencies will actually start benefitting from them, many agencies are currently laying the foundation to start using SBOMs.

Chris DeRusha, the federal chief information security officer, said the focus on securing commercial software comes from the cyber executive order.

As federal agencies and contractors come to grips with the burden of protecting their software supply chain, understanding who had a hand in the development of their software products has taken on increasing importance. It comes down to pedigree. Where did your software come from? Was it domestic or international? Who had a hand in developing it?

In the federal software world, supply chains are often extensive. How can an agency ensure its risk assessments can adequately gauge potential threats? The Federal Drive’s Tom Temin asks just that of RiskRecon cyber expert John Ehret.