"MITRE Rolls Out Supply Chain Security Prototype"

MITRE has launched a prototype cloud-based platform for its new System of Trust (SoT) framework, which identifies and quantifies supply chain risks and cybersecurity concerns. Organizations can now use the Risk Model Manager (RMM) platform to assess supply chain risk and security, and to view, edit, and customize the SoT framework content or export it for use as a subset framework. Software supply chain risk and security received a resounding wake-up call after high-profile attacks such as SolarWinds and Log4j highlighted the impact of threat actors compromising vendors' software and then customers' software installations. The SoT framework, which is a cloud-native application hosted on Amazon Web Services (AWS), focuses on 14 top-level risk areas associated with suppliers, service providers, and supplies, such as the supplier's financial stability and cybersecurity practices, as well as the risk of product compromise. These risk categories are used to evaluate a supplier or product throughout the acquisition process. Thorough questions are asked about how a supplier tracks and ensures the security of third-party software components used in its product. About 40 organizations are shaping the SoT platform, which comprises 660 supply chain categories and risk factors. This article continues to discuss the cloud-based SoT application now available for test-driving quantitative risk assessment of hardware, software, and services suppliers.

Dark Reading reports "MITRE Rolls Out Supply Chain Security Prototype"

Submitted by Anonymous on