3rd Party Risk Management , Application Security , Governance & Risk Management

Proof of Concept: A Guide to Navigating Software Liability

Also: Vendor Self-Attestation vs. Third Parties; Safe Harbor Guidelines
Clockwise, from top left: Anna Delaney, Tom Field and Chris Hughes

In the latest "Proof of Concept," Chris Hughes, co-founder and CISO, Aquia, join editors at Information Security Media Group to discuss the nuances around software liability, how organizations are integrating standards development practices, and guidelines for determining when a supplier qualifies for safe harbor.

See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare

Anna Delaney, director, productions; Tom Field, vice president, editorial; and Chris Hughes, co-founder and CISO, Aquia - discussed:

  • Defining software liability and how frameworks such as the NIST Secure Software Development Framework lay the groundwork for software liability;
  • The challenges or advantages that come when vendors self-attest rather than undergoing third-party evaluations;
  • How the concept of safe harbor applies to software liability, particularly when a supplier has taken proper precautions but still falls victim to malicious actors.

Hughes, who co-founded Aquia, is the author of "Software Transparency: Supply Chain Security in an Era of a Software-Driven Society." He has nearly 20 years of IT and cybersecurity experience and also spent time as a consultant in the private sector. Hughes is an adjunct professor of cybersecurity at Capitol Technology University and University of Maryland Global Campus, and he co-hosts the "Resilient Cyber" podcast. He participates in the Cloud Security Alliances Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C.

Don't miss our previous installments of "Proof of Concept", including the Oct. 26 edition on overcoming open-source code security risks and the Nov. 17 edition on assessing the U.S. executive order on AI.


About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.