Science of Security Virtual Organization | advancing cybersecurity through science

The recent Cybersecurity Executive Order asked agencies to define minimum standards for supply chain governance and software testing that could be required of all vendors selling software to the Federal Government. In this talk, I ask the question: what could minimal standards look like 10 years from now? I will describe recent research on software and supply chain security, focusing on emerging threats and promising approaches to mitigation.

BIO

Supply Chain Issues with Energy Sector ICS Software

Read more about Supply Chain Issues with Energy Sector ICS Software

ABSTRACT

Establishing Trustworthy Software Supply Chains

Read more about Establishing Trustworthy Software Supply Chains

ABSTRACT

Left of Boom: Cyber Supply Chain Security, Testing, and Vulnerability Disclosure

Read more about Left of Boom: Cyber Supply Chain Security, Testing, and Vulnerability Disclosure

ABSTRACT

Cyber risks to digital supply chains are not new, but recent cyber incidents have prioritized these concerns and catalyzed several executive orders. This briefing will describe the Department of Energy’s programs in cyber vulnerability enumeration, testing, and forensic analysis for digital components in industrial control systems; efforts to illuminate risks in digital supply chains; and emerging strategies to improve security-by-design through Cyber-Informed Engineering.

Toward Personalized Adaptive Anti-Phishing Training and Automated Assistants

Composing High-Assurance Software with the Evidential Tool Bus

The Challenge of Artifacts and Summaries for Analysis Tool Execution and Qualification

NSF and the Defense of the Software Supply Chain: Past, Present and Future

Beyond Minimum Standards

Supply Chain Issues with Energy Sector ICS Software

Establishing Trustworthy Software Supply Chains

Left of Boom: Cyber Supply Chain Security, Testing, and Vulnerability Disclosure

SoftwareSupplyChaininCloudServices.pdf

Cyber Defense of the Supply Chain