Betteridge's law should tell you the answer to this! Of course the answer here is no. We almost certainly do not understand our supply chains, and I suspect it's likely that we never will. The NIST have put out a standard for risk management of supply chains, which is a…
Happy Sunday on a gloriously sunny day. Some of you might have noticed that I didn't send a newsletter last week, and I'd love to have a good excuse…
How you deal with vulnerabilities is critical to your organisation's approach to security. In far too many organisations, there simply isn't any defined…
We sometimes talk about "securing the software supply chain" as if it will prevent bugs and issues, which isn't quite accurate. The increasing number of…
Humans are funny creatures: we're afraid of flying but drive cars on a daily basis, despite one being the safest form of travel and the other being the…
Zero trust is the architecture we talk about where there is zero trust in the fact that the requests are "coming from inside the network". But in fact…
I’ve referred before to the excellent XKCD cartoon that reminds us that huge amounts of modern commercial systems and code rely on a library maintained…
How networks affect us all is both intuitive and supremely unintuitive at the same time. GPG rather famously suggested that people have key signing…