Proof of Concept: A Guide to Navigating Software Liability
Also: Vendor Self-Attestation vs. Third Parties; Safe Harbor Guidelines

In the latest "Proof of Concept," Chris Hughes, co-founder and CISO, Aquia, joins editors at Information Security Media Group to discuss the nuances around software liability, how organizations are integrating standards development practices, and guidelines for determining when a supplier qualifies for safe harbor.
Anna Delaney, director, productions; Tom Field, vice president, editorial; and Chris Hughes, co-founder and CISO, Aquia, discussed:
- Defining software liability and how frameworks such as the NIST Secure Software Development Framework lay the groundwork for software liability;
- The challenges or advantages that come when vendors self-attest rather than undergoing third-party evaluations;
- How the concept of safe harbor applies to software liability, particularly when a supplier has taken proper precautions but still falls victim to malicious actors.
Hughes, who co-founded Aquia, is the author of "Software Transparency: Supply Chain Security in an Era of a Software-Driven Society." He has nearly 20 years of IT and cybersecurity experience and also spent time as a consultant in the private sector. Hughes is an adjunct professor of cybersecurity at Capitol Technology University and University of Maryland Global Campus, and he co-hosts the "Resilient Cyber" podcast. He participates in the Cloud Security Alliance's Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C.
Don't miss our previous installments of "Proof of Concept," including the Oct. 26 edition on overcoming open-source code security risks and the Nov. 17 edition on assessing the U.S. executive order on AI.