In an earlier episode of AppSec Decoded, we examined the new requirements outlined in the Biden administration’s cyber security executive order (E.O.). The E.O. has been influenced by a series of recent cyber attacks (SolarWinds, Colonial Pipeline) and calls for an increase in software transparency and the development of new software security standards, tools, and best practices.
While the E.O. is primarily directed toward federal departments and agencies, and federal contractors, the implementation standards will likely have a broader impact across critical infrastructure sectors and technology suppliers.
What can organizations that supply technology products and services to other organizations or to the public do in preparation for these changes? And what about the receiving end? What should technology buyers (the organizations that buy materials, products, and services from technology suppliers) do to prepare for the changes ahead as a result of the E.O.?
In this episode of AppSec Decoded, we spoke with Tim Mackey, principal security strategist at the Black Duck Cybersecurity Research Center, to learn what proactive steps both technology suppliers and buyers should consider in the wake of the new E.O.