Content deleted Content added
There are numerous reliable sources already listed in the article, and it's an ongoing subject of concern for NTIA, DOD, FDA, Underwriters Lab, etc. I'll try to add some of that newer material as well. The assertion that it was SEO material is incorrect.
updated info about the legislation
Line 7:
Understanding the supply chain of software, obtaining a software BOM, and using it to analyze known vulnerabilities are crucial in [[Risk management|managing risk]].<ref>{{cite web |url=http://docs.ismgcorp.com/files/external/WP_FSISAC_Third_Party_Software_Security_Working_Group.pdf |format=PDF |title=Appropriate Software Security Control Types for Third Party Service and Product Providers |publisher=Docs.ismgcorp.com |access-date=2015-06-12}}</ref><ref>{{cite web |url=https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities |title=Top 10 2013-A9-Using Components with Known Vulnerabilities |access-date=2015-06-12}}</ref><ref>{{cite web |url=https://www.cert.gov.uk/wp-content/uploads/2015/02/Cyber-security-risks-in-the-supply-chain.pdf |format=PDF |title=Cyber-security risks in the supply chain |publisher=Cert.gov.uk |access-date=2015-06-12}}</ref>
The Cyber Supply Chain Management and Transparency Act of 2014<ref>{{cite web |url=https://www.congress.gov/bill/113th-congress/house-bill/5793|title=H.R.5793 - 113th Congress (2013-2014): Cyber Supply Chain Management and Transparency Act of 2014 - Congress.gov - Library of Congress |access-date=2015-06-12}}</ref>
==References==
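Review bot: The line beginning "The Cyber Supply Chain Management and Transparency Act of 2014" is a sentence fragment. It names the bill and cites H.R.5793, but it has no verb, so the article never says what the bill proposed or what became of it, even though the edit summary says the legislation information was updated. Complete the sentence from the cited Congress.gov page, or fold the bill into the preceding sentence as an example. Separately, the three citations in the preceding paragraph and the bill citation all carry access-date 2015-06-12, and the first uses a plain http URL. If the edit is meant to bring in newer material, re-verify those links and update the access dates or add archive URLs.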