“Keep your software up to date,” is a constant mantra from cybersecurity experts.

For good reason. Failing to patch vulnerabilities in your software — especially when those vulnerabilities are known and there are patches available to fix them — is a bit like leaving the vault open at night. It’s an open invitation to cyber criminals.

But keeping software up-to-date is not always as simple as getting a notification from a vendor, clicking the “update-now” button, and then watching the little circle fill in, or the progress bar tell you how many minutes or seconds left before it’s installed.

The…

No president’s legacy should depend solely on what happens in the first 100 days of his administration. That’s less than 7% of a single term.

But for better or worse, 100 days has become a marker for new presidents, both for what to expect and what an administration may be able to accomplish. It’s a “honeymoon” when major policy initiatives have the best chance of getting through even a divided Congress.

All of which leads to this week and a small avalanche of analysis about President Joe Biden’s trajectory on everything from the pandemic to climate change, immigration, infrastructure, taxes…

If software is eating the world, as venture capitalist, Mosaic creator and Netscape cofounder Mark Andreessen famously said a decade ago, then one variety of software — open source — is now doing virtually all the eating.

That’s one of the major findings of the sixth Open Source Security & Risk Analysis (OSSRA) report, released last week by the Synopsys Cybersecurity Research Center (CyRC).

Not that this is at all a surprise. It simply confirms an ongoing trend. Open source software has been a majority of all existing codebases for years. It’s just that every year it’s a bigger majority.

…

If you have never heard of the BSIMM or OWASP SAMM, you need to read this, if only to find out what the heck they stand for.

But more importantly, because they can help you keep your software secure. And that’s something you really need to do. Really.

As boring and esoteric as it may sound, software security is just as important—now even more so—than putting locks on your doors, making sure you don’t misplace your wallet and, for businesses, making sure only employees get into your building and keeping your intellectual property safe.

These days, both your physical and…

“If it ain’t broke, don’t fix it,” is one of the all-time common-sense clichés. Which makes the corollary true as well: If it is broke, fix it.

But what if you don’t know it’s broke? It would help if somebody would let you know.

And in the world of software, issuing those warnings is the goal of the Common Vulnerabilities and Exposures (CVE) Program, launched in 1999.

The need is obvious. Software essentially runs the modern world. It’s everywhere and in just about everything. It’s also made by humans, which means it’s not perfect. …

“Keep your stuff up to date” is one of the closest things to a religious mantra in cybersecurity. And that means everything — your networks, your systems, your applications.

For good reason. If you don’t apply patches when they become available, you’re asking for trouble because malicious hackers know, just like everybody else, when vulnerabilities become public and immediately start looking for organizations that are too distracted or clueless to apply those patches.

Fail to update and you’re in effect asking to be the next Equifax, the credit bureau giant breached in 2017 after it failed to install a patch…

What’s in a name?

As we all know, that iconic Shakespearean question applies to way more than an Elizabethan-era family feud intruding on adolescent romance.

It has, for generations, applied to everything from diseases to galaxies, insects, musical groups, teams, commercial products, and more. Sometimes things are named for a famous person (Lou Gehrig), a place (Lyme), a classic myth (Andromeda), the founder of an enterprise (Ford), an historic gold rush (49ers) or perhaps the major industry in a company town (Packers, Brewers).

But it also applies now — at least in some cases — to the weapons and vulnerabilities…

Suddenly, “supply chain” is hot. Suddenly, a term that usually tends to make eyes glaze over unless you’re a member of the green-eyeshade accounting fraternity, is in the headlines, even leading the mainstream evening news.

Because, as the recently discovered cyberattack on SolarWinds/Orion illustrates, a weak link in the supply chain can break every other link on that chain. Even if there are 18,000 or more of them.

SolarWinds, which provides system management tools for network and infrastructure monitoring, has an IT performance monitoring system called Orion.

The thumbnail version of the story is that hackers were able to inject…