NSA to developers: We’ve got some software supply chain security tips for you

software-developers-working-late-getty.jpg

Image: Getty

US security agency, the National Security Agency (NSA), has released new software supply chain guidance to help developers avoid cyberattacks targeting proprietary and open-source software. 

The new guidance is meant to help US private and public sector organizations defend themselves against supply chain attacks, including the one Russian Foreign Intelligence Service (SVR) hackers deployed against SolarWinds and its customers.

","tags":[],"size":1150443,"width":2121,"height":1414,"author":{"id":"1aa87593-0f1d-4577-862b-a59b5ec9bc57","username":"DannyPalmerZDNet","email":"danny.palmer@redventures.com","firstName":"Danny","middleName":null,"lastName":"Palmer","dateCreated":{"date":"2016-02-01 00:00:00","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2021-09-03 16:24:39","timezone":"UTC","timezone_type":3},"ursId":"26827885824301528866373598134180","roles":[{"name":"CMS User","role":"ROLE_CMS_USER"},{"name":"Editor","role":"ROLE_EDITOR"},{"name":"Super User","role":"ROLE_SUPER_USER"}],"profiles":{"data":[{"id":"a2532289-8d40-471c-ac05-a3be890ed373","dateCreated":{"date":"2016-02-01 17:14:14","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2021-12-06 16:18:39","timezone":"UTC","timezone_type":3},"language":"en","title":"Senior Reporter","byline":null,"bureau":"UK","authorBio":"Danny Palmer is a senior reporter at ZDNet. Based in London, he writes about issues including cybersecurity, hacking and malware threats.","expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":"Danny Palmer has nothing to disclose. He does not hold investments in the technology companies he covers.","typeName":"user_user_profile"}],"paging":{"total":1,"limit":15,"offset":0}},"profile":{"id":"a2532289-8d40-471c-ac05-a3be890ed373","dateCreated":{"date":"2016-02-01 17:14:14","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2021-12-06 16:18:39","timezone":"UTC","timezone_type":3},"language":"en","title":"Senior Reporter","byline":null,"bureau":"UK","authorBio":"Danny Palmer is a senior reporter at ZDNet. Based in London, he writes about issues including cybersecurity, hacking and malware threats.","expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":"Danny Palmer has nothing to disclose. He does not hold investments in the technology companies he covers.","typeName":"user_user_profile"},"socialProfileIds":{"facebookProfile":null,"facebookPage":null,"twitter":"dannyjpalmer","googlePlus":null,"instagram":null},"suppressProfile":false,"editions":[],"defaultTimezone":"Europe/London","cmsDisplayName":"Danny Palmer","authorBlogs":[],"language":"en","title":"Senior Reporter","byline":null,"bureau":"UK","authorBio":"Danny Palmer is a senior reporter at ZDNet. Based in London, he writes about issues including cybersecurity, hacking and malware threats.","expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":"Danny Palmer has nothing to disclose. He does not hold investments in the technology companies he covers."},"dateCreated":{"date":"2022-07-04 10:53:53","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2022-07-04 10:55:10","timezone":"UTC","timezone_type":3},"needsModeration":false,"mimeType":"image/jpeg","deleted":false,"credits":"Image: Getty/Bloom Productions","alt":"portrait-of-woman-operating-digital-interface-technology","restricted":false,"startDate":null,"endDate":null,"preferred":false,"watermark":false,"doNotCrop":false,"doNotResize":false,"primaryCollection":null,"vanityUrl":null,"notes":null,"crop":null,"cropGravity":0,"preservedRegion":null,"isNew":false,"keywords":[],"primeColor":null,"hasWarning":false,"typeName":"content_image"},"label":null,"linkText":null,"linkUrl":null,"preferredProductName":null,"promoDek":"The rise of quantum computing, deepfakes, the Internet of Things and more are among the things that could create very real challenges for cybersecurity going forwards.","promoTitle":null,"slug":"these-are-the-cybersecurity-threats-of-tomorrow-that-you-should-be-thinking-about-today","title":"These are the cybersecurity threats of tomorrow that you should be thinking about today","topic":{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"113c25b6-ec91-11e3-95d2-02911863765e","deleted":false,"leaf":false,"topicPath":[{"id":"9d3e6108-0023-11e4-95d2-02911863765e","name":"Innovation","typeName":"content_topic","slug":"innovation","languages":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"4c7171e8-08ca-11e4-9732-00505685119a","name":"Innovation","description":"Discover the best technology ideas emerging from around the globe and how they are promising to help build a better future.","language":"en","slug":"innovation","vanityUrl":null,"typeName":"content_topic_language"}]}],"descendantCount":6,"type":{"id":"31bc3a04-c7a0-4fc1-b073-372a09f0cb0c","title":"Content","description":"Content","dateUpdated":null,"typeName":"content_topic_type"},"authors":{"data":[],"paging":{"total":0,"limit":15,"offset":0}},"editions":{"data":[{"topic":"113c25b6-ec91-11e3-95d2-02911863765e","edition":{"key":"in","label":"India","prefix":"in/","lang":"en","translationLocale":"en_IN","locales":["en-in"],"timezone":"Asia/Kolkata","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"India Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"02f76cc8-60a7-42e3-b095-85d5fceb201e","typeName":"content_topic_edition"},{"topic":"113c25b6-ec91-11e3-95d2-02911863765e","edition":{"key":"eu","label":"EU","prefix":"eu/","lang":"en","translationLocale":"en_GB","locales":["de-at","ar-bh","en-be","bg-bg","el-cy","cs-cz","da-dk","pt-pl","et-ee","fi-fi","fr-fr","de-de","el-gr","hu-hu","it-it","lv-lv","lt-lt","de-lu","fr-lu","en-mt","nl-nl","pl-pl","pt-pt","ro-ro","sk-sk","sl-sl","es-es","sv-se","fr-ch","de-ch","tr-tk"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"EU Edition","currency_name":"Euro","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"177e0dd2-ef13-4119-a775-e123c25752d7","typeName":"content_topic_edition"},{"topic":"113c25b6-ec91-11e3-95d2-02911863765e","edition":{"key":"uk","label":"UK","prefix":"uk/","lang":"en","translationLocale":"en_GB","locales":["en-gb","en-ie","en-za","ka-ge","fa-ir","ar-iq","he-il","ar-jo","ar-kw","ar-lb","ar-om","ar-ps","ar-qa","ar-sa","ar-sy","ar-ae","ar-ye"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"UK Edition","currency_name":"STG","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"26f2f74b-8aea-4cb8-8ad7-98ea6678f72f","typeName":"content_topic_edition"},{"topic":"113c25b6-ec91-11e3-95d2-02911863765e","edition":{"key":"au","label":"AU","prefix":"au/","lang":"en","translationLocale":"en_AU","locales":["en-au","en-nz"],"timezone":"Australia/Sydney","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"AU Edition","currency_name":"AUD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"578b5003-5398-44c2-b340-d94262af8075","typeName":"content_topic_edition"},{"topic":"113c25b6-ec91-11e3-95d2-02911863765e","edition":{"key":"us","label":"US","prefix":"","lang":"en","translationLocale":"en_US","locales":["en-us"],"timezone":"America/Los_Angeles","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"US Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"8231dda1-08ca-11e4-9732-00505685119a","typeName":"content_topic_edition"},{"topic":"113c25b6-ec91-11e3-95d2-02911863765e","edition":{"key":"as","label":"Asia","prefix":"as/","lang":"en","translationLocale":"en_SG","locales":["fa-af","hy-am","az-az","bn-bd","dz-bt","ms-bn","zh-cn","km-kh","en-hk","zh-hk","in-id","ja-jp","kk-kz","ky-kg","lo-la","ms-my","dv-mv","mm-mn","my-mm","ne-np","kr-kp","en-pk","en-ph","en-sg","si-lk","ko-kr","tg-tj","zh-tw","th-th","pt-tl","tk-tm","uz-uz","vi-vn"],"timezone":"Asia/Singapore","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"Asia Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"f84de0a6-d156-45c9-9500-543e34cc6419","typeName":"content_topic_edition"}],"paging":{"total":6,"limit":15,"offset":0}},"languages":{"data":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"81e128a0-08ca-11e4-9732-00505685119a","name":"Security","description":"Software has holes, and hackers will exploit the new vulnerabilities that appear daily. Keep tabs on the latest threats.","language":"en","slug":"security","vanityUrl":null,"typeName":"content_topic_language"}],"paging":{"total":1,"limit":15,"offset":0}},"name":"Security","description":"Software has holes, and hackers will exploit the new vulnerabilities that appear daily. Keep tabs on the latest threats.","slug":"security","landingPage":null,"listingPage":null,"typeName":"content_topic"},"typeName":"content_article"},{"body":null,"dek":"Cyberattacks steal data and cause millions in economic costs. Learn what cybersecurity professionals do and how to protect your data with our guide.","description":"Cyberattacks steal data and cause millions in economic costs. Learn what cybersecurity professionals do and how to protect your data with our guide.","edition":{"key":"us","label":"US","prefix":"","lang":"en","translationLocale":"en_US","locales":["en-us"],"timezone":"America/Los_Angeles","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"US Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"image":{"id":"ef7f8a3b-bf95-43dd-a96d-82b0316dba85","title":"cybersecurity-ransomware","filename":"cybersecurity.jpg","path":"https://www.zdnet.com/a/img/2021/09/10/ef7f8a3b-bf95-43dd-a96d-82b0316dba85/cybersecurity.jpg","caption":"","tags":[],"size":1482645,"width":1600,"height":1069,"author":{"id":"264e2142-7b8a-49d3-9ea0-8ae5eec70c37","username":"zanerdskennedy","email":"zane.rds.kennedy@gmail.com","firstName":"Zane","middleName":"R","lastName":"Kennedy","dateCreated":{"date":"2021-05-05 00:00:00","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2021-05-05 18:31:15","timezone":"UTC","timezone_type":3},"ursId":"29886494492950911926330498836435","roles":[{"name":"CMS User","role":"ROLE_CMS_USER"},{"name":"Editor","role":"ROLE_EDITOR"},{"name":"Super User","role":"ROLE_SUPER_USER"}],"profiles":{"data":[{"id":"9f05cab6-8eb2-420a-bfbe-ef8c39bbffdb","dateCreated":{"date":"2021-05-05 18:31:15","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2021-05-05 18:31:15","timezone":"UTC","timezone_type":3},"language":"en","title":"Editor","byline":null,"bureau":null,"authorBio":null,"expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":null,"typeName":"user_user_profile"}],"paging":{"total":1,"limit":15,"offset":0}},"profile":{"id":"9f05cab6-8eb2-420a-bfbe-ef8c39bbffdb","dateCreated":{"date":"2021-05-05 18:31:15","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2021-05-05 18:31:15","timezone":"UTC","timezone_type":3},"language":"en","title":"Editor","byline":null,"bureau":null,"authorBio":null,"expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":null,"typeName":"user_user_profile"},"socialProfileIds":{"facebookProfile":null,"facebookPage":null,"twitter":null,"googlePlus":null,"instagram":null},"suppressProfile":false,"editions":[],"defaultTimezone":"Europe/London","cmsDisplayName":"Zane Kennedy","authorBlogs":[],"language":"en","title":"Editor","byline":null,"bureau":null,"authorBio":null,"expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":null},"dateCreated":{"date":"2021-09-10 17:11:12","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2021-10-25 19:22:48","timezone":"UTC","timezone_type":3},"needsModeration":false,"mimeType":"image/jpeg","deleted":false,"credits":"By everything possible — Shutterstock","alt":"A bearded professional types on a tablet. Programming and cybersecurity-related symbols float in the foreground.","restricted":false,"startDate":null,"endDate":null,"preferred":false,"watermark":false,"doNotCrop":false,"doNotResize":false,"primaryCollection":null,"vanityUrl":null,"notes":null,"crop":null,"cropGravity":0,"preservedRegion":null,"isNew":false,"keywords":[],"primeColor":null,"hasWarning":false,"typeName":"content_image"},"label":null,"linkText":null,"linkUrl":null,"preferredProductName":null,"promoDek":"Cyberattacks steal data and cause millions in economic costs. Learn what cybersecurity professionals do and how to protect your data with our guide.","promoTitle":null,"slug":"what-is-cybersecurity-and-why-cybersecurity-matters","title":"What, exactly, is cybersecurity? And why does it matter?","topic":{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"95ca6724-c309-42a2-b946-f359f1127d73","deleted":false,"leaf":false,"topicPath":[{"id":"863fe219-de4d-4c2d-9e95-55e19301075a","name":"Education","typeName":"content_topic","slug":"education","languages":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"e70e4f81-9565-4d8a-b506-2f4064bff2d1","name":"Education","description":"Explore traditional, hybrid, and online learning options for upskilling, advancing your career, and enhancing your professional development.","language":"en","slug":"education","vanityUrl":null,"typeName":"content_topic_language"}]}],"descendantCount":1,"type":{"id":"31bc3a04-c7a0-4fc1-b073-372a09f0cb0c","title":"Content","description":"Content","dateUpdated":null,"typeName":"content_topic_type"},"authors":{"data":[],"paging":{"total":0,"limit":15,"offset":0}},"editions":{"data":[{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"as","label":"Asia","prefix":"as/","lang":"en","translationLocale":"en_SG","locales":["fa-af","hy-am","az-az","bn-bd","dz-bt","ms-bn","zh-cn","km-kh","en-hk","zh-hk","in-id","ja-jp","kk-kz","ky-kg","lo-la","ms-my","dv-mv","mm-mn","my-mm","ne-np","kr-kp","en-pk","en-ph","en-sg","si-lk","ko-kr","tg-tj","zh-tw","th-th","pt-tl","tk-tm","uz-uz","vi-vn"],"timezone":"Asia/Singapore","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"Asia Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"04388a5a-c4c2-42ba-8383-85792a2afcb4","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"in","label":"India","prefix":"in/","lang":"en","translationLocale":"en_IN","locales":["en-in"],"timezone":"Asia/Kolkata","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"India Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"10b723f0-57e6-4087-a944-a8dcd236af98","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"us","label":"US","prefix":"","lang":"en","translationLocale":"en_US","locales":["en-us"],"timezone":"America/Los_Angeles","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"US Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"1139be6e-d687-4e1c-a5ac-d452f0f2563b","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"eu","label":"EU","prefix":"eu/","lang":"en","translationLocale":"en_GB","locales":["de-at","ar-bh","en-be","bg-bg","el-cy","cs-cz","da-dk","pt-pl","et-ee","fi-fi","fr-fr","de-de","el-gr","hu-hu","it-it","lv-lv","lt-lt","de-lu","fr-lu","en-mt","nl-nl","pl-pl","pt-pt","ro-ro","sk-sk","sl-sl","es-es","sv-se","fr-ch","de-ch","tr-tk"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"EU Edition","currency_name":"Euro","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"37812cf7-bbfc-4684-9e1b-d976a372f5be","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"au","label":"AU","prefix":"au/","lang":"en","translationLocale":"en_AU","locales":["en-au","en-nz"],"timezone":"Australia/Sydney","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"AU Edition","currency_name":"AUD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"6d2e5d37-3cfe-4258-83e0-91d4bcac1c48","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"uk","label":"UK","prefix":"uk/","lang":"en","translationLocale":"en_GB","locales":["en-gb","en-ie","en-za","ka-ge","fa-ir","ar-iq","he-il","ar-jo","ar-kw","ar-lb","ar-om","ar-ps","ar-qa","ar-sa","ar-sy","ar-ae","ar-ye"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"UK Edition","currency_name":"STG","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"9f01cb93-bd23-417c-923d-162136b7f406","typeName":"content_topic_edition"}],"paging":{"total":6,"limit":15,"offset":0}},"languages":{"data":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"e94edce6-4538-49a6-bd9b-deb2262bc667","name":"Computers & Tech","description":"From great gadgets to the best degrees, we offer the news you need and insights you can trust in all aspects of computer and technology education and careers.","language":"en","slug":"computers-tech","vanityUrl":null,"typeName":"content_topic_language"}],"paging":{"total":1,"limit":15,"offset":0}},"name":"Computers & Tech","description":"From great gadgets to the best degrees, we offer the news you need and insights you can trust in all aspects of computer and technology education and careers.","slug":"computers-tech","landingPage":null,"listingPage":null,"typeName":"content_topic"},"typeName":"content_article"},{"body":null,"dek":"Cybersecurity certifications can help you get your foot in the door into what has fast become an industry with a high demand for skilled staff. Here is how to get started.","description":"Cybersecurity certifications can help you get your foot in the door into what has fast become an industry with a high demand for skilled staff. Here is how to get started.","edition":{"key":"us","label":"US","prefix":"","lang":"en","translationLocale":"en_US","locales":["en-us"],"timezone":"America/Los_Angeles","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"US Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"image":{"id":"82451d6f-094b-42ba-94a8-a74617af6c9e","title":"best-cyber-security-certification","filename":"gettyimages-1076658510.jpg","path":"https://www.zdnet.com/a/img/2022/04/20/82451d6f-094b-42ba-94a8-a74617af6c9e/gettyimages-1076658510.jpg","caption":"","tags":[],"size":1625442,"width":2121,"height":1414,"author":{"id":"781a4b26-f4ec-4df5-84ed-c2775cdfd86f","username":"ebetters","email":"epicaro@redventures.com","firstName":"Elyse","middleName":null,"lastName":"Betters Picaro","dateCreated":{"date":"2016-06-21 00:00:00","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2020-12-07 15:47:59","timezone":"UTC","timezone_type":3},"ursId":"27051783234840286590268119258902","roles":[{"name":"CMS User","role":"ROLE_CMS_USER"},{"name":"Super Admin","role":"ROLE_SUPER_ADMIN"}],"profiles":{"data":[{"id":"84c775b4-26e4-4285-a0cb-ab642b885442","dateCreated":{"date":"2016-06-21 15:54:31","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2022-06-10 03:03:07","timezone":"UTC","timezone_type":3},"language":"en","title":"Senior Editor","byline":"Elyse Betters Picaro is an editor based in New York.","bureau":"US","authorBio":"Elyse Betters Picaro is a senior editor based in Upstate New York. \r\n\r\nShe currently leads a team of journalists who write buyer’s guides, deals, and gift guides. She has experience editing countless advice pieces and has written over 8,000 articles — including news, how-tos, explainers, and reviews on technology and even TV and entertainment-focused content — for several leading online publications. \r\n\r\nPreviously, she was an editor at 9to5Mac and 9to5Google. She was also a US contributor at Pocket-lint. Before that, she worked as a beat reporter at different regional newspapers in Northeast America and freelanced for global websites such as the BBC. \r\n\r\nShe holds a Master of Fine Arts in writing from The New School in Manhattan and a Bachelor of Arts in journalism from the University of Massachusetts at Amherst.","expertise":"Consumer technology, mobile apps, TV and streaming services, mobile devices, software and services, and e-commerce","awardsAndCredentials":null,"education":"Master of Fine Arts in writing (2014) from The New School in Manhattan and a Bachelor of Arts in journalism (2011) from the University of Massachusetts at Amherst","authorDisclosure":"Elyse Betters Picaro has nothing to disclose.","typeName":"user_user_profile"}],"paging":{"total":1,"limit":15,"offset":0}},"profile":{"id":"84c775b4-26e4-4285-a0cb-ab642b885442","dateCreated":{"date":"2016-06-21 15:54:31","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2022-06-10 03:03:07","timezone":"UTC","timezone_type":3},"language":"en","title":"Senior Editor","byline":"Elyse Betters Picaro is an editor based in New York.","bureau":"US","authorBio":"Elyse Betters Picaro is a senior editor based in Upstate New York. \r\n\r\nShe currently leads a team of journalists who write buyer’s guides, deals, and gift guides. She has experience editing countless advice pieces and has written over 8,000 articles — including news, how-tos, explainers, and reviews on technology and even TV and entertainment-focused content — for several leading online publications. \r\n\r\nPreviously, she was an editor at 9to5Mac and 9to5Google. She was also a US contributor at Pocket-lint. Before that, she worked as a beat reporter at different regional newspapers in Northeast America and freelanced for global websites such as the BBC. \r\n\r\nShe holds a Master of Fine Arts in writing from The New School in Manhattan and a Bachelor of Arts in journalism from the University of Massachusetts at Amherst.","expertise":"Consumer technology, mobile apps, TV and streaming services, mobile devices, software and services, and e-commerce","awardsAndCredentials":null,"education":"Master of Fine Arts in writing (2014) from The New School in Manhattan and a Bachelor of Arts in journalism (2011) from the University of Massachusetts at Amherst","authorDisclosure":"Elyse Betters Picaro has nothing to disclose.","typeName":"user_user_profile"},"socialProfileIds":{"facebookProfile":null,"facebookPage":null,"twitter":"elysebetters","googlePlus":null,"instagram":"elysebetters"},"suppressProfile":false,"editions":[],"defaultTimezone":"America/New_York","cmsDisplayName":"Elyse Betters Picaro","authorBlogs":[{"title":"Business Bargain Hunter","slug":"business-bargain-hunter"}],"language":"en","title":"Senior Editor","byline":"Elyse Betters Picaro is an editor based in New York.","bureau":"US","authorBio":"Elyse Betters Picaro is a senior editor based in Upstate New York. \r\n\r\nShe currently leads a team of journalists who write buyer’s guides, deals, and gift guides. She has experience editing countless advice pieces and has written over 8,000 articles — including news, how-tos, explainers, and reviews on technology and even TV and entertainment-focused content — for several leading online publications. \r\n\r\nPreviously, she was an editor at 9to5Mac and 9to5Google. She was also a US contributor at Pocket-lint. Before that, she worked as a beat reporter at different regional newspapers in Northeast America and freelanced for global websites such as the BBC. \r\n\r\nShe holds a Master of Fine Arts in writing from The New School in Manhattan and a Bachelor of Arts in journalism from the University of Massachusetts at Amherst.","expertise":"Consumer technology, mobile apps, TV and streaming services, mobile devices, software and services, and e-commerce","awardsAndCredentials":null,"education":"Master of Fine Arts in writing (2014) from The New School in Manhattan and a Bachelor of Arts in journalism (2011) from the University of Massachusetts at Amherst","authorDisclosure":"Elyse Betters Picaro has nothing to disclose."},"dateCreated":{"date":"2022-04-20 20:55:34","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2022-06-22 20:35:10","timezone":"UTC","timezone_type":3},"needsModeration":false,"mimeType":"image/jpeg","deleted":false,"credits":"Getty Images","alt":"Close-up of a person wearing glasses leaning toward a computer screen. Lines of code reflect on the glasses.","restricted":false,"startDate":null,"endDate":null,"preferred":false,"watermark":false,"doNotCrop":false,"doNotResize":false,"primaryCollection":null,"vanityUrl":null,"notes":null,"crop":null,"cropGravity":0,"preservedRegion":null,"isNew":false,"keywords":[],"primeColor":null,"hasWarning":false,"typeName":"content_image"},"label":null,"linkText":null,"linkUrl":null,"preferredProductName":null,"promoDek":"Cybersecurity certifications can help you get your foot in the door into what has fast become an industry with a high demand for skilled staff. Here is how to get started.","promoTitle":null,"slug":"best-cybersecurity-certification","title":"The 7 best cybersecurity certifications: Become a security expert","topic":{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"95ca6724-c309-42a2-b946-f359f1127d73","deleted":false,"leaf":false,"topicPath":[{"id":"863fe219-de4d-4c2d-9e95-55e19301075a","name":"Education","typeName":"content_topic","slug":"education","languages":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"e70e4f81-9565-4d8a-b506-2f4064bff2d1","name":"Education","description":"Explore traditional, hybrid, and online learning options for upskilling, advancing your career, and enhancing your professional development.","language":"en","slug":"education","vanityUrl":null,"typeName":"content_topic_language"}]}],"descendantCount":1,"type":{"id":"31bc3a04-c7a0-4fc1-b073-372a09f0cb0c","title":"Content","description":"Content","dateUpdated":null,"typeName":"content_topic_type"},"authors":{"data":[],"paging":{"total":0,"limit":15,"offset":0}},"editions":{"data":[{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"as","label":"Asia","prefix":"as/","lang":"en","translationLocale":"en_SG","locales":["fa-af","hy-am","az-az","bn-bd","dz-bt","ms-bn","zh-cn","km-kh","en-hk","zh-hk","in-id","ja-jp","kk-kz","ky-kg","lo-la","ms-my","dv-mv","mm-mn","my-mm","ne-np","kr-kp","en-pk","en-ph","en-sg","si-lk","ko-kr","tg-tj","zh-tw","th-th","pt-tl","tk-tm","uz-uz","vi-vn"],"timezone":"Asia/Singapore","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"Asia Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"04388a5a-c4c2-42ba-8383-85792a2afcb4","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"in","label":"India","prefix":"in/","lang":"en","translationLocale":"en_IN","locales":["en-in"],"timezone":"Asia/Kolkata","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"India Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"10b723f0-57e6-4087-a944-a8dcd236af98","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"us","label":"US","prefix":"","lang":"en","translationLocale":"en_US","locales":["en-us"],"timezone":"America/Los_Angeles","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"US Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"1139be6e-d687-4e1c-a5ac-d452f0f2563b","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"eu","label":"EU","prefix":"eu/","lang":"en","translationLocale":"en_GB","locales":["de-at","ar-bh","en-be","bg-bg","el-cy","cs-cz","da-dk","pt-pl","et-ee","fi-fi","fr-fr","de-de","el-gr","hu-hu","it-it","lv-lv","lt-lt","de-lu","fr-lu","en-mt","nl-nl","pl-pl","pt-pt","ro-ro","sk-sk","sl-sl","es-es","sv-se","fr-ch","de-ch","tr-tk"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"EU Edition","currency_name":"Euro","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"37812cf7-bbfc-4684-9e1b-d976a372f5be","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"au","label":"AU","prefix":"au/","lang":"en","translationLocale":"en_AU","locales":["en-au","en-nz"],"timezone":"Australia/Sydney","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"AU Edition","currency_name":"AUD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"6d2e5d37-3cfe-4258-83e0-91d4bcac1c48","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"uk","label":"UK","prefix":"uk/","lang":"en","translationLocale":"en_GB","locales":["en-gb","en-ie","en-za","ka-ge","fa-ir","ar-iq","he-il","ar-jo","ar-kw","ar-lb","ar-om","ar-ps","ar-qa","ar-sa","ar-sy","ar-ae","ar-ye"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"UK Edition","currency_name":"STG","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"9f01cb93-bd23-417c-923d-162136b7f406","typeName":"content_topic_edition"}],"paging":{"total":6,"limit":15,"offset":0}},"languages":{"data":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"e94edce6-4538-49a6-bd9b-deb2262bc667","name":"Computers & Tech","description":"From great gadgets to the best degrees, we offer the news you need and insights you can trust in all aspects of computer and technology education and careers.","language":"en","slug":"computers-tech","vanityUrl":null,"typeName":"content_topic_language"}],"paging":{"total":1,"limit":15,"offset":0}},"name":"Computers & Tech","description":"From great gadgets to the best degrees, we offer the news you need and insights you can trust in all aspects of computer and technology education and careers.","slug":"computers-tech","landingPage":null,"listingPage":null,"typeName":"content_topic"},"typeName":"content_article"},{"body":null,"dek":"Explore the best cybersecurity schools and programs that outrank the competition with acceptance rates, graduation rate performance, and graduation and retention rates.","description":"Explore the best cybersecurity schools and programs that outrank the competition with acceptance rates, graduation rate performance, and graduation and retention rates.","edition":{"key":"us","label":"US","prefix":"","lang":"en","translationLocale":"en_US","locales":["en-us"],"timezone":"America/Los_Angeles","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"US Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"image":{"id":"437df6d3-786b-4f3b-8404-a8fec8f7f783","title":"Cybersecurity tester","filename":"shutterstock-401334937.jpg","path":"https://www.zdnet.com/a/img/2021/11/16/437df6d3-786b-4f3b-8404-a8fec8f7f783/shutterstock-401334937.jpg","caption":"","tags":[],"size":7539266,"width":7360,"height":4912,"author":{"id":"35e7efdb-10d7-11e4-9732-00505685119a","username":"Mark Samuels","email":"mark.samuels@gmail.com","firstName":"Mark","middleName":null,"lastName":"Samuels","dateCreated":{"date":"2010-11-24 00:00:00","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2022-02-14 17:29:35","timezone":"UTC","timezone_type":3},"ursId":"28114290848020760216190549758115","roles":[{"name":"CMS User","role":"ROLE_CMS_USER"},{"name":"Editor","role":"ROLE_EDITOR"},{"name":"Google SMP Blogger","role":"ROLE_GOOGLE_SMP_BLOGGER"},{"name":"Super User","role":"ROLE_SUPER_USER"}],"profiles":{"data":[{"id":"35eee780-10d7-11e4-9732-00505685119a","dateCreated":{"date":"2010-11-24 03:54:28","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2022-01-11 16:27:43","timezone":"UTC","timezone_type":3},"language":"en","title":"Freelance Business Journalist","byline":"Mark Samuels is a business journalist specialising in IT leadership issues.","bureau":"EU","authorBio":"Mark Samuels is a business journalist specialising in IT leadership issues. Formerly editor at CIO Connect and features editor of Computing, he has written for various organisations, including the Economist Intelligence Unit, The Guardian, The Times, The Sunday Times and Times Higher Education.","expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":"Mark Samuels has nothing to disclose.","typeName":"user_user_profile"}],"paging":{"total":1,"limit":15,"offset":0}},"profile":{"id":"35eee780-10d7-11e4-9732-00505685119a","dateCreated":{"date":"2010-11-24 03:54:28","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2022-01-11 16:27:43","timezone":"UTC","timezone_type":3},"language":"en","title":"Freelance Business Journalist","byline":"Mark Samuels is a business journalist specialising in IT leadership issues.","bureau":"EU","authorBio":"Mark Samuels is a business journalist specialising in IT leadership issues. Formerly editor at CIO Connect and features editor of Computing, he has written for various organisations, including the Economist Intelligence Unit, The Guardian, The Times, The Sunday Times and Times Higher Education.","expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":"Mark Samuels has nothing to disclose.","typeName":"user_user_profile"},"socialProfileIds":{"facebookProfile":null,"facebookPage":null,"twitter":"mark_samuels","googlePlus":null,"instagram":null},"suppressProfile":false,"editions":[],"defaultTimezone":"America/New_York","cmsDisplayName":"Mark Samuels","authorBlogs":[],"language":"en","title":"Freelance Business Journalist","byline":"Mark Samuels is a business journalist specialising in IT leadership issues.","bureau":"EU","authorBio":"Mark Samuels is a business journalist specialising in IT leadership issues. Formerly editor at CIO Connect and features editor of Computing, he has written for various organisations, including the Economist Intelligence Unit, The Guardian, The Times, The Sunday Times and Times Higher Education.","expertise":null,"awardsAndCredentials":null,"education":null,"authorDisclosure":"Mark Samuels has nothing to disclose."},"dateCreated":{"date":"2021-11-16 11:54:37","timezone":"UTC","timezone_type":3},"dateUpdated":{"date":"2021-12-18 00:06:28","timezone":"UTC","timezone_type":3},"needsModeration":false,"mimeType":"image/jpeg","deleted":false,"credits":"Shutterstock / Dragon Images","alt":"man looking at a screen in a dark room","restricted":false,"startDate":null,"endDate":null,"preferred":false,"watermark":false,"doNotCrop":false,"doNotResize":false,"primaryCollection":null,"vanityUrl":null,"notes":null,"crop":null,"cropGravity":0,"preservedRegion":null,"isNew":false,"keywords":[],"primeColor":null,"hasWarning":false,"typeName":"content_image"},"label":null,"linkText":null,"linkUrl":null,"preferredProductName":null,"promoDek":"Explore the best cybersecurity schools and programs that outrank the competition with acceptance rates, graduation rate performance, and graduation and retention rates.","promoTitle":null,"slug":"cybersecurity-school","title":"Best cybersecurity schools and programs","topic":{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"95ca6724-c309-42a2-b946-f359f1127d73","deleted":false,"leaf":false,"topicPath":[{"id":"863fe219-de4d-4c2d-9e95-55e19301075a","name":"Education","typeName":"content_topic","slug":"education","languages":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"e70e4f81-9565-4d8a-b506-2f4064bff2d1","name":"Education","description":"Explore traditional, hybrid, and online learning options for upskilling, advancing your career, and enhancing your professional development.","language":"en","slug":"education","vanityUrl":null,"typeName":"content_topic_language"}]}],"descendantCount":1,"type":{"id":"31bc3a04-c7a0-4fc1-b073-372a09f0cb0c","title":"Content","description":"Content","dateUpdated":null,"typeName":"content_topic_type"},"authors":{"data":[],"paging":{"total":0,"limit":15,"offset":0}},"editions":{"data":[{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"as","label":"Asia","prefix":"as/","lang":"en","translationLocale":"en_SG","locales":["fa-af","hy-am","az-az","bn-bd","dz-bt","ms-bn","zh-cn","km-kh","en-hk","zh-hk","in-id","ja-jp","kk-kz","ky-kg","lo-la","ms-my","dv-mv","mm-mn","my-mm","ne-np","kr-kp","en-pk","en-ph","en-sg","si-lk","ko-kr","tg-tj","zh-tw","th-th","pt-tl","tk-tm","uz-uz","vi-vn"],"timezone":"Asia/Singapore","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"Asia Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"04388a5a-c4c2-42ba-8383-85792a2afcb4","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"in","label":"India","prefix":"in/","lang":"en","translationLocale":"en_IN","locales":["en-in"],"timezone":"Asia/Kolkata","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"India Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"10b723f0-57e6-4087-a944-a8dcd236af98","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"us","label":"US","prefix":"","lang":"en","translationLocale":"en_US","locales":["en-us"],"timezone":"America/Los_Angeles","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"US Edition","currency_name":"USD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"1139be6e-d687-4e1c-a5ac-d452f0f2563b","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"eu","label":"EU","prefix":"eu/","lang":"en","translationLocale":"en_GB","locales":["de-at","ar-bh","en-be","bg-bg","el-cy","cs-cz","da-dk","pt-pl","et-ee","fi-fi","fr-fr","de-de","el-gr","hu-hu","it-it","lv-lv","lt-lt","de-lu","fr-lu","en-mt","nl-nl","pl-pl","pt-pt","ro-ro","sk-sk","sl-sl","es-es","sv-se","fr-ch","de-ch","tr-tk"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"EU Edition","currency_name":"Euro","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"37812cf7-bbfc-4684-9e1b-d976a372f5be","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"au","label":"AU","prefix":"au/","lang":"en","translationLocale":"en_AU","locales":["en-au","en-nz"],"timezone":"Australia/Sydney","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"AU Edition","currency_name":"AUD","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"6d2e5d37-3cfe-4258-83e0-91d4bcac1c48","typeName":"content_topic_edition"},{"topic":"95ca6724-c309-42a2-b946-f359f1127d73","edition":{"key":"uk","label":"UK","prefix":"uk/","lang":"en","translationLocale":"en_GB","locales":["en-gb","en-ie","en-za","ka-ge","fa-ir","ar-iq","he-il","ar-jo","ar-kw","ar-lb","ar-om","ar-ps","ar-qa","ar-sa","ar-sy","ar-ae","ar-ye"],"timezone":"Europe/London","dateFormat":"MMMM d, yyyy — HH:mm z LOCALTIME","metadata":{"nav_label":"UK Edition","currency_name":"STG","short_date":"MMM d, YYYY","long_date":"MMMM d, YYYY"}},"id":"9f01cb93-bd23-417c-923d-162136b7f406","typeName":"content_topic_edition"}],"paging":{"total":6,"limit":15,"offset":0}},"languages":{"data":[{"canonicalUrl":null,"suppressSearch":false,"titleTag":null,"excludeFromRivers":false,"noIndex":false,"seoHeadline":null,"seoMetaDescription":null,"seoNewsKeywords":null,"relAlternate":null,"relHreflang":null,"relNext":null,"relPrev":null,"seoTwitterCreator":null,"seoTwitterTitle":null,"seoTwitterImage":null,"seoTwitterDescription":null,"seoOgDescription":null,"seoOgImage":null,"seoOgTitle":null,"siteSearchBoostKeywords":null,"tweetText":null,"id":"e94edce6-4538-49a6-bd9b-deb2262bc667","name":"Computers & Tech","description":"From great gadgets to the best degrees, we offer the news you need and insights you can trust in all aspects of computer and technology education and careers.","language":"en","slug":"computers-tech","vanityUrl":null,"typeName":"content_topic_language"}],"paging":{"total":1,"limit":15,"offset":0}},"name":"Computers & Tech","description":"From great gadgets to the best degrees, we offer the news you need and insights you can trust in all aspects of computer and technology education and careers.","slug":"computers-tech","landingPage":null,"listingPage":null,"typeName":"content_topic"},"typeName":"content_article"}],"title":"More on tech security: The next challenges","view":"pinbox_text_list"}” class=”c-shortcodePinbox-textList c-shortcodePinbox-textList_floating g-border-thin-light-bottom g-outer-spacing-top-medium g-outer-spacing-bottom-medium”>

More on tech security: The next challenges

“Recent cyberattacks such as those executed against SolarWinds and its customers, and exploits that take advantage of vulnerabilities such as Log4j, highlight weaknesses within software supply chains, an issue which spans both commercial and open source software and impacts both private and government enterprises,” the NSA says in its guidance.

SEE: These are the cybersecurity threats of tomorrow that you should be thinking about today

The spy agency says there needs to be greater awareness that the software supply chain has the potential to be weaponized by nation-state adversaries using similar tactics, techniques, and procedures.

The Enduring Security Framework (ESF) – a public-private cross-industry working group led by the NSA and the Cybersecurity and Infrastructure Security Agency (CISA) – developed the guidance after examining the events that led up to the SolarWinds attack. ESF was established to cater to developers, vendors and customers in response to president Joe Biden’s cybersecurity executive order aimed at federal agencies.  

The incident demonstrated an awareness by state-backed hackers that the software supply chain was as valuable as publicly known and previously undisclosed software vulnerabilities.   

“As ESF examined the events that led up the SolarWinds attack, it was clear that investment was needed in creating a set of best practices that focused on the needs of the software developer,” the NSA said in a joint press release with CISA and the Office of the Director of National Intelligence.

While this guidance acknowledges the key role developers play in the software supply chain, the agencies will release versions of the best-practice guidance aimed directly at software vendors and software customers. 

The agencies note vendor responsibilities include ensuing the integrity and security of software via contractual agreements, software updates, notifications and mitigations of vulnerabilities. 

The guidance covers secure development practices, insider threats, open source, verification of third-party components, hardening build environments, and code delivery. 

The attack on SolarWinds was the highest profile recent supply chain attack, but others have occurred before and after, including the NotPetya destructive malware in 2017 that launched via a Ukraine-specific accounting package, and the ransomware attack on IT firm Kaseya in 2021, affecting its managed service-provider customers and their clients.

The UK’s National Cyber Security Centre (NCSC) expects supply chain attacks to continue to be an attractive attack vector in coming years due to the breadth of the supply chain, widespread use of third-party software components, and human factors, which range from malicious behavior to foreign spies compromising developers to infiltrate a software build system. 

The NSA’s and CISA’s section on “compromised engineers” – insider threats – illustrates the complexity of securing the supply chain. 

SEE: Don’t let your cloud cybersecurity choices leave the door open for hackers

“The compromised engineer is a difficult threat to detect and assess. A compromised employee may be under pressure from outside influences or may have a grudge to avenge. Poor performance reviews, lack of promotion, or disciplinary actions are only a few of the events that might cause a developer to take action against an organization and sabotage its development effort. Additionally, nation states or competitors can leverage an insider’s struggles with controlled substances, failing relationships, or debt, among other things.”

Beyond compromised engineers, the guidance also highlights intentionally placed backdoors that make it easier for engineers to troubleshoot problems, poorly trained engineers, as well accounts that remain open after a developer contract has been terminated, and compromised remote development systems.

The guidance recommends developers perform static and dynamic code analysis, conduct nightly builds with security and regression tests, map features to requirements, prioritize code reviews, and review critical code.    

READ MORE HERE