Organizations losing business due to connected product security concerns

59% of executives with cybersecurity decision-making responsibility at large and mid-sized companies say that their organizations have lost business due to product security concerns for connected devices and embedded systems, according to a Ponemon Institute survey. The results highlight a growing need to strengthen supply chain security by securing connected devices, including those connected to […]

Supply chain security: 3 out of 4 companies have defined an incident response process

CyberVadis, a French company and EcoVadis subsidiary dedicated to evidence-based assessment of the cybersecurity of companies' suppliers, third parties and external partners, has published the results of its 2021 report "Supply Chain Cybersecurity: 5 Key Challenges to Address", with 1,289 companies of various sizes and sectors […]

Introducing the Secure Open Source Pilot Program

Posted by Meder Kydyraliev and Kim Lewandowski, Google Open Source Security Team

Over the past year we have made a number of investments to strengthen the security of critical open source projects, and recently announced our $10 billion commitment to cybersecurity defense including $100 million to support third-party foundations that manage open source security priorities […]

Corporate attack surface exploding as a result of remote work

74% of organizations attribute recent business-impacting cyberattacks to vulnerabilities in technology put in place during the pandemic. The data is drawn from a study of more than 1,300 security leaders, business executives and remote employees conducted by Forrester Consulting. From cloud services and applications to personal devices and remote access tools, the corporate attack surface […]

Distroless Builds Are Now SLSA 2

Posted by Priya Wadhwa and Appu Goundan, Google Open Source Security Team

A few months ago we announced that we started signing all distroless images with cosign, which allows users to verify that they have the correct image before starting the build process. Signing our images was our first step towards fully securing the distroless […]

The cybersecurity metrics required to make Biden’s Executive Order impactful

For too long, both the private and public sectors have not prioritized cybersecurity efforts enough and only acted in “good faith” – an inadequate effort to improve cybersecurity. Recently, President Biden issued the Executive Order on Improving the Nation’s Cybersecurity, to set government standards and best practices for cybersecurity across sectors, and it is good […]
