Check out this post on responding quickly to open-source supply chain attacks, in this case, the #XZ hack. This backdoor was deliberately injected into the widely used secure shell service daemon #sshd by unknown attackers (IMHO a nation-state: see also .

RT @aDolus_Inc: Read @ICS_Secure's latest blog on Evolving Threats and Regulations in Software Supply Chain Security. Attacks are on the ri….

RT @allanfriedman: @aDolus_Inc @ICS_Secure I was in Brussels last week talking about this exact issue with Commission staff and ENISA exper….

Most SBOM initiatives have been coming out of the US, thanks to EO14028. Now, the EU is adding teeth to requirements for SBOMs with its Cyber Resilience Act. Check out my summary of the impact on the IoT/OT markets; let me know if you agree that it could have a massive impact.

RT @aDolus_Inc: The EU Cyber Resilience Act took a big step toward enactment this week. Read our blog to get @ICS_Secure's commentary on th….

If you’ll be at the @SecurityWeek ICS Cybersecurity Conference in Atlanta, track me down. I'm happy to explain how the industry made huge strides using SBOMs to secure software supply chains. #ICSCC23.

The 2023 #MDDR report shines a sharp light on the state of OT firmware updates. You can read more about the actual statistics and my thoughts on the reasons in my blog.

Effective hunting for #vulnerabilities in #OT requires navigating the namespace problem (i.e., most product and vendor names have multiple aliases), plus the ability to process text-based data such as massive PDFs from vendors. Our blog explains how we did it for the #MDDR.

RT @aDolus_Inc: The Microsoft Digital Defense Report (#MDDR 2023) dropped today and we provided key research and analysis for the section o….

#OTCEP 2023 is starting. Minister Josephine Teo is presenting a great summary of the risk and opportunities for OT systems.

RT @ICS_SCADA: Passionate about ICS incident response panel ⁦@SCADAhacker⁩ ⁦@RobertMLee⁩ ⁦@CSAsingapore⁩ #otcep | …person on right is makin….

A very amusing story of how #ChatGPT led one of the @aDolus_Inc team down a giant rabbit hole of #misinformation. Highly recommended reading for anyone thinking of using #GenerativeAI.

I'm delighted to have Kevin join us as CEO at aDolus. I've known Kevin for years - he is an insightful leader who really understands the security industry. With his proven track record of solving customer challenges and growing revenue, I look forward to a fruitful collaboration.

I've been active in the #foodandbeverage industry since my BCIT lab days when Kraft Foods was a major research sponsor. It is great to see a major player in the space take #softwaresupplychainsecurity so seriously. See you at #S4x23 - I'll be in the #SBOM pavilion!.

Thomas Pace of @NetRiseInc presenting a great talk in the challenges of looking up OT vulnerabilities in public vulnerability databases at #icscc22. Definitely worth listening to!

Next slide from @Derek_Harp - Seems like companies are feeling the pain and are working on their supply chain programs.

#icscc22 @Derek_Harp, CEO of (CS)2AI talking on OT Security survey results. Companies responding report Compromised Vendor Updates accounted for nearly 1/4 of all OT security incidents, up from zero in 2020! The software supply chain is a growing risk issue for OT. @aDolus_Inc

RT @allanfriedman: Very exciting to see @Microsoft open source their internal SBOM generation tool. Would love to hear what you think of it….

#OTCEP - @ztudor - love your concept that #Pipedream "isn't just an attack framework, it is an education framework".