CISA Launches Roadmap for the CVE Program
The US cybersecurity agency called for the CVE program to remain publicly maintained and vendor-neutral while emphasizing the need for broader engagement
Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.
Search across headline titles and summaries.
Background for this topic.
Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.
Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.
The US cybersecurity agency called for the CVE program to remain publicly maintained and vendor-neutral while emphasizing the need for broader engagement
A ransomware attack by KillSec on Brazil software provider MedicSolution threatens healthcare, impacting providers and patients
Observo Buy Gives Customers Real-Time SIEM Ingestion and Vendor-Agnostic OptionsSentinelOne’s Observo AI buy gives customers a flexible, AI-powered data pipeline for faster detection and SIEM freedom. The acquisition bolsters its AI-native SIEM vision and offers a lower-cost, real-time alternative to traditional solutions such as Splunk.
Wealthsimple confirmed a third-party vendor data breach affecting roughly 30,000 customers