The Synopsys Software Integrity Group is now Black Duck®. Learn More

close search bar

Sorry, not available in this language yet

close language selection

AppSec Decoded: The NIST guidance on supply chain risk management

Black Duck Editorial Staff

Aug 23, 2022 / 1 min read

President Biden’s May 2021 “Executive Order on Improving the Nation’s Cybersecurity” was, at 34 pages, unusually long for a presidential executive order. That’s in large part because it addressed a lot of topics. 
 
But just one of those topics—securing the software supply chain—produced guidance on cybersecurity supply chain risk management from the National Institute of Standards and Technology that was nearly 10 times as long, at 326 pages. 
 
The guidance goes into exhaustive depth and detail, but Tim Mackey, principal security strategist within the Synopsys Cybersecurity Research Center, read the whole thing and even annotated it. 
 
In this first of two episodes of AppSec Decoded, recorded live at RSA 2022 in San Francisco, Mackey and Taylor Armerding, security advocate at Synopsys, discuss the overall focus of that guidance: How to build processes and programs around risk-based principles. That means setting priorities to fix what are the greatest risks to an organization and understanding that a software risk is a business risk.

Continue Reading

Explore Topics