Security news aggregator

Latest coverage for Vendor

Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.

Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.

Showing 3 most recent headlines Filtered view
Bank Info Security 2 years, 3 months ago

Which Cyber Vendor Will Be First Off the IPO Starting Block?

Cato Networks, Rubrik, Snyk Are Interested in Going Public, But Have No Firm PlansCybersecurity startups are wary of the public markets following a hard economic reset that made profitability more important than growth and performance more important than potential. Due to this dramatic shift, lots of cybersecurity startups want to file for an IPO, but nobody wants to go first.

Bank Info Security 2 years, 3 months ago

BigID Raises $60M, Eyes M&A Around Data Security, Compliance

Data Security Vendor Retains Unicorn Status With Riverwood Capital-Led Growth RoundA data security firm led by a former CA Technologies executive raised $60 million to boost both organic and inorganic expansion around data and compliance. The round will build on the firm's new data hygiene tool as well as its new controls for detecting and tracking model access to sensitive data.

Bank Info Security 2 years, 3 months ago

AWS Snags Skyhigh's Gee Rittenhouse to Run Security Business

Ex-Forcepoint CRO John DiLullo to Lead STG-Owned Skyhigh Security on Interim BasisAmazon Web Services hired Gee Rittenhouse to help organizations protect their data and applications in the cloud. Rittenhouse spent more than two years atop San Jose, California-based security service edge vendor Skyhigh and prior to that, more than three years leading Cisco's cybersecurity unit.