News & Analysis as of

Cybersecurity Software Supply Chain

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +
Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now.   less -
Hogan Lovells

Threat actors increasingly introducing malicious code into open source packages

Hogan Lovells on

The risks associated with leveraging open source libraries, and the review needed, are increasing. In the first half of 2025, cybersecurity researchers observed a sharp rise in the incidence of malicious code embedded in...more

Alston & Bird

UK Publishes Software Security Code

Alston & Bird on

Cyber security supply chain risks are growing, and attacks on vendors and other third parties cause severe disruption to businesses. For example, in recent years we have seen many incidents that have involved threat actors...more

Mitratech Holdings, Inc

EU Cyber Resilience Act: How to Prepare Now

The EU Cyber Resilience Act (CRA), adopted by the European Parliament in 2024, marks a major milestone in European cybersecurity legislation. As the first EU-wide law focused on the cybersecurity of digital products, it...more

Eversheds Sutherland (US) LLP

Commercially Connected Shorts - 14 May 2025

Welcome to Commercially Connected shorts, our weekly bitesize newsletter summarising the latest updates in UK commercial law. This week we look at: - UK-US and UK-India trade deals - Eversheds Sutherland’s global supply...more

PilieroMazza PLLC

SWIFT to Launch May 1: DOD Fast Tracks Software Deployment Opening New Doors for Defense Contractors

PilieroMazza PLLC on

In a decisive move to stay ahead in an era of rapidly evolving digital threats, the Department of Defense (DOD) is accelerating its push for software modernization. The upcoming launch of the Software Fast Track (SWIFT)...more

Pillsbury Winthrop Shaw Pittman LLP

The EU’s Cyber Resilience Act: New Cybersecurity Requirements for Connected Products and Software

The CRA will affect a broad range of digital products placed on the EU market (including by those based outside the EU), including connected hardware/devices, software and remote data processing solutions. The EU has adopted...more

Goodwin

Crossing Administrations: The Focus on Federal Cybersecurity Continues

Goodwin on

Federal contractors, including defense contractors, should prepare for the emergence of new requirements in the coming months that are designed to strengthen software supply chain security, impose more stringent cybersecurity...more

Hogan Lovells

Security Snippets: CISA publishes sector-specific cyber performance goals for IT and product design

Hogan Lovells on

The Cybersecurity and Infrastructure Security Agency (CISA) unveiled new cyber performance goals aimed at addressing risks to software development and product design in the IT sector. Last week, the Cybersecurity and...more

Morrison & Foerster LLP - Government...

Biden’s Final Cybersecurity Order Proposes Significant Changes, All to Be Implemented by the Incoming Administration

Citing the threats posed by foreign adversaries and criminal organizations, and seeking enhanced accountability for companies that provide software and cloud services to the federal government, the Biden administration has...more

McCarter & English Blog: Government Contracts...

They Did It. They Really Did It! The Arrival of the FAR CUI Proposed Rule

After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more

Sheppard Mullin Richter & Hampton LLP

DoD Issues Proposed Rule for New Disclosures on Foreign Review of Computer Code

On November 15, 2024, the Department of Defense (“DoD”) issued a long-awaited Proposed Rule to implement Section 1655 of the National Defense Authorization Act for Fiscal Year 2019. Section 1655 prohibits DoD from...more

Wiley Rein LLP

Updates on Cybersecurity Requirements for Government Contractors

Wiley Rein LLP on

Part of the Biden Administration’s push to enhance U.S. cybersecurity capabilities has focused on imposing new requirements on government contractors. The 2023 National Cybersecurity Strategy suggested, for example, that...more

Wiley Rein LLP

DOD Seeks Contractor Disclosures of Foreign Access to Software Source Code

Wiley Rein LLP on

WHAT: The U.S. Department of Defense (DOD) issued a proposed rule to implement Section 1655(a) and (c) of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019 (Pub. L. 115-232). The proposed rule would...more

Ogletree, Deakins, Nash, Smoak & Stewart,...

Supply Chain Attacks in the UK: Reducing Risk and Preparing for Upcoming Legal Changes

Effective information security is no longer just dependent on an organisation’s own internal cybersecurity controls. The UK Information Commissioner’s Office (ICO) highlights that third-party service providers are processing...more

Clark Hill PLC

The Learned Concierge - August 2024, Vol. 11

Clark Hill PLC on

The Learned Concierge - Welcome to your monthly legal insights on the trends impacting the Retail, Hospitality, and Food & Beverage Industries....more

Husch Blackwell LLP

Commerce Department Bans Kaspersky Software in First ICTS Prohibition, Signals Increased Risk of Using Certain Foreign Software...

Husch Blackwell LLP on

On June 20, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a Final Determination prohibiting the sale of certain cybersecurity products, anti-virus software, and related services to...more

Pillsbury - Global Sourcing Practice

The UK Government Announces Ambitious Proposals to Improve Software Security and Resilience

In light of the increasing organizational use of and reliance on software and the concerns raised regarding the malicious use of the same, the UK Government has published a response to its call for views on software...more

Foley & Lardner LLP

Rolling With the Punches in a Networked World: CCOE Cybersecurity Panel Discussion

Foley & Lardner LLP on

Whether the game is football, baseball, hockey, or Indy Car racing, no team goes into their major championship matchup without training. Companies need to train as well if they intend to operate on the internet and expect to...more

Foley & Lardner LLP

Combatting Supply Chain Cyber Threats: Safeguarding Data and Protecting Digital Supply Chains

Foley & Lardner LLP on

As supply chains have become more digitized and interconnected, they have also become more vulnerable to a range of cyber threats. These threats not only pose risks to the direct operations of companies but also to the...more

Sheppard Mullin Richter & Hampton LLP

CISA Opens Repository for Submission of Software Security Attestation Forms

On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Office of Management and Budget (“OMB”) released the highly-anticipated Secure Software Development Attestation Form (also known as the...more

Opportune LLP

Supply Chain Optimization and Weather Impacts with Alteryx

Opportune LLP on

In today's interconnected global economy, supply chain optimization plays a critical role in driving business success. However, unpredictable weather events such as hurricanes, tropical storms, and extreme weather conditions...more

Sheppard Mullin Richter & Hampton LLP

Update: CISA Seeks Additional Input from Software Providers on Security Attestation Form

The Cybersecurity and Infrastructure Security Agency (“CISA”) recently revised its Secure Software Development Attestation Common Form (after receiving over 110 comments on the initial draft), and is seeking additional...more

Jones Day

Commerce Department Issues Final Rule on Information and Communications Technology Supply Chain

Jones Day on

On June 16, the U.S. Department of Commerce published a final rule, effective July 17, 2023, on Securing the Information and Communications Technology and Services ("ICTS") Supply Chain, signaling potential new actions on...more

Fenwick & West LLP

UPDATE: Secure Software Development Attestation: A(nother) Government Requirement

Fenwick & West LLP on

As follow-on guidance to Office of Management and Budget’s (OMB) September 14, 2022 memo and the associated Executive Order on Improving the Nation’s Cybersecurity from May 2021, the Cybersecurity and Infrastructure Security...more

K&L Gates LLP

Secure Software Regulations and Self-Attestation Required for Federal Contractors

K&L Gates LLP on

Government contractors providing software across the federal government’s supply chain will be required later this year to comply with a new Secure Software Design Framework (SSDF). The SSDF requires software vendors to...more

55 Results
 / 
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide