Supply chain security risks of software driven products

Supply Chain Security: New standards and best practices to mitigate supply chain security risks of software driven products.

Complex supply chains are a major attack surface for products and software-enabled enterprises. Managing the associated risks has been a major challenge for product integrators. Established security controls focus on availability of supply but are not effective at preventing vulnerabilities from propagating through the value chain. With the ever-increasing focus on software, new measures must be taken to ensure the cybersecurity of products and the enterprise IT landscape.

Authorities and standardization bodies are defining and publishing new regulations and standards to address the software supply chain – e.g., ISO 21434, Supply Chain Act, NIS 2 regulation, NIST CSF 2.0. While the NIS 2 regulation came into force in Europe at the end of last year, in the USA the issue is being driven forward primarily by the National Institute of Standards and Technology (NIST). These regulatory obligations have a fundamental impact on each individual company.

Based on emerging guidelines and practical project experience, we present best practices for security controls that mitigate vulnerability propagation in the supply chain of software-enabled products and the ecosystem. Additionally, we address possible prevention assessments, potential defence and protection measures – both on company and product level – as well as defined processes after an incident.

Authors

Benedikt Bauer

Tobias Löhr

Simon Jung
