Welcome to part 5 of our ongoing series of blog posts exploring product security and the software supply chain. In our last blog post, we covered the fourth step—Remediation—that companies take on the road to connected device security.
Today, we move on to Step 5—Response. If you’d like to jump ahead and see the rest of the six-step process, or even just look at everything all at once, you can read our comprehensive white paper, The Ultimate Guide to Connected Device Security.
Response - It's Time to Do Something
In 2021, an average of over 50 vulnerabilities were discovered every day, according to data from NIST's National Vulnerability Database. That's more than 20,000 vulnerabilities discovered over the course of the year.
That number of vulnerabilities has been growing every year since 2016, when just under 6,500 were discovered.
With a new vulnerability discovered, on average, every half-hour, what can you do to protect your company, customers, and reputation from product and software supply chain risk?
Don't let your mitigation action plans fall into the irrelevance of so many point-in-time strategies.
Keep your SBOMs up to date so that, as the threatscape continues to evolve, you have an accurate list of software components to scan when you need to determine where your risk lies.
Late last year, when Log4j first surfaced, product manufacturers and asset owners rushed to find their exposures in ecosystems that counted their products in the hundreds or even thousands of SKUs.
With a tool like Finite State's Global Search, you can scan for threats like Log4j across all the versions of firmware, software, components, and products in your asset inventory. That automation saves you resources, and valuable time, when you set out to learn whether you are exposed to newly discovered vulnerabilities and weaknesses.
With Global Search, you can get an answer fast.
That speed to action not only tells you where you have new vulnerabilities and weaknesses, but also furnishes your mitigation action plan with critical information, such as which devices you need to take off your network, and gives you critical time to figure out how, until you can devise a resolution or workaround.
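To make the SBOM-driven search described above concrete, here is an added example (not Finite State's code and not how Global Search is implemented) that looks for one component across a set of CycloneDX-style SBOMs, including nested components and entries with no version. The asset names, SBOM contents, and the "fixed in" threshold are constructed for the demo; take the real threshold from the relevant advisory.

```python
import re

# Constructed CycloneDX-style SBOMs keyed by hypothetical product/firmware ids.
SBOMS = {
    "gateway-fw-1.0": {"bomFormat": "CycloneDX", "components": [
        {"name": "busybox", "version": "1.31.1"},
        {"name": "mgmt-ui", "version": "4.2", "components": [
            {"name": "log4j-core", "version": "2.14.1"}]}]},
    "gateway-fw-1.1": {"bomFormat": "CycloneDX", "components": [
        {"name": "log4j-core", "version": "2.17.1"}]},
    "sensor-fw-3.2": {"bomFormat": "CycloneDX", "components": [
        {"name": "log4j-core"}]},  # version missing from the SBOM
}

def version_key(text):
    """Leading dotted-numeric part as a tuple of ints, or None if unparsable."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in m.group().split(".")) if m else None

def walk(components, path=()):
    """Yield (component, path) for every component, including nested ones."""
    for c in components or []:
        here = path + (c.get("name", "?"),)
        yield c, here
        yield from walk(c.get("components"), here)

def find_exposures(sboms, name, fixed_in):
    """Return (asset, version, status, path) for each occurrence of `name`."""
    hits = []
    limit = version_key(fixed_in)
    for asset, bom in sorted(sboms.items()):
        for comp, path in walk(bom.get("components")):
            if comp.get("name") != name:
                continue
            key = version_key(comp.get("version"))
            if key is None:
                status = "unknown"       # cannot be ruled out: manual review
            elif key < limit:
                status = "affected"
            else:
                status = "not affected"
            hits.append((asset, comp.get("version"), status, "/".join(path)))
    return hits

if __name__ == "__main__":
    # "2.17.0" is a constructed threshold for this demo, not advisory data.
    for hit in find_exposures(SBOMS, "log4j-core", "2.17.0"):
        print(hit)
```

An SBOM entry with no usable version is reported as "unknown" rather than dropped, so a stale or incomplete SBOM shows up as work to do instead of a false all-clear.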
To truly defend your connected product—and the services it will provide—you need a solution that helps you address and resolve the risks presented by the vulnerabilities and weaknesses within your IoT/OT ecosystem. That’s why the remediation stage of the connected device security journey is so important.
Are you ready to begin down your own road to product security?
Finite State’s Ultimate Guide to Connected Device Security explores product and software supply chain security and how to identify, assess, prioritize, and mitigate the vulnerabilities that lurk within your connected devices.