
Taking Software Supply Chain Security to the Next Level

Former Federal CISO Grant Schneider Discusses Regulation, Vendor Liability
Grant Schneider, senior director for cybersecurity services, Venable LLP

The recently published U.S. national cybersecurity strategy has sparked a positive conversation, but questions remain about regulation and its implementation, said Grant Schneider of Venable. He said the industry needs more clarity about short-term and midterm regulatory changes.


One of the more controversial proposals is for the administration to work with Congress and the private sector to hold software vendors liable for security flaws. "Incentive structures" would be required to achieve this, Schneider said. "You need multiple incentives so that you don't end up with someone just gaming the system."

On the wider issue of software supply chain security, organizations still struggle to gain visibility of the open-source code within their systems. Schneider said it is important to create a "base inventory, keeping it up to date and understanding how you let software into your system."
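The "base inventory" Schneider describes is, in practice, a machine-readable list of every third-party component in a build, compared against a known baseline on each change. The script below is an added illustration and not code from Venable, ISMG or the interview: it parses two constructed dependency manifests (a pip `requirements.txt` and an npm `package-lock.json`, both invented for this example), merges them into one inventory keyed by ecosystem and package name, and reports what was added, removed, changed or left unpinned relative to the baseline. That last category is the point of "understanding how you let software into your system": an unpinned or newly added component is one that entered without a deliberate review.

```python
"""Build a dependency inventory from manifests and flag drift from a baseline.

Added example; the manifests and package names below are constructed
sample data, not taken from any real project.
"""
import json
import re
from typing import Dict, List

# Constructed sample manifests (not real project files).
BASELINE_REQUIREMENTS = """\
requests==2.28.1
urllib3==1.26.12
# pinned transitive dependency
certifi==2022.9.24
"""

CURRENT_REQUIREMENTS = """\
requests==2.31.0
urllib3==1.26.12
certifi==2022.9.24
pyyaml
"""

CURRENT_PACKAGE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.21"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

# Inventory maps "ecosystem:name" to a version string ("" when unpinned).
Inventory = Dict[str, str]

# Matches "name" or "name==version" on a requirements line.
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*(?:==\s*([^\s;#]+))?")


def parse_requirements(text: str) -> Inventory:
    """Parse a pip requirements file into an inventory (comments ignored)."""
    inv: Inventory = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_LINE.match(line)
        if m:
            inv[f"pypi:{m.group(1).lower()}"] = m.group(2) or ""
    return inv


def parse_package_lock(text: str) -> Inventory:
    """Parse an npm lockfile (v2/v3 'packages' map) into an inventory."""
    data = json.loads(text)
    inv: Inventory = {}
    for path, meta in data.get("packages", {}).items():
        if not path:  # the empty key is the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        inv[f"npm:{name}"] = meta.get("version", "")
    return inv


def merge(*inventories: Inventory) -> Inventory:
    """Combine per-ecosystem inventories into a single component list."""
    out: Inventory = {}
    for inv in inventories:
        out.update(inv)
    return out


def diff_inventory(baseline: Inventory, current: Inventory) -> Dict[str, List[str]]:
    """Report components that entered, left, changed version, or lack a pin."""
    return {
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
        "changed": sorted(k for k in current if k in baseline and baseline[k] != current[k]),
        "unpinned": sorted(k for k, v in current.items() if v == ""),
    }


def check_constructed_sample() -> Dict[str, List[str]]:
    """Run the drift check over the constructed manifests above."""
    baseline = parse_requirements(BASELINE_REQUIREMENTS)
    current = merge(parse_requirements(CURRENT_REQUIREMENTS),
                    parse_package_lock(CURRENT_PACKAGE_LOCK))
    return diff_inventory(baseline, current)


if __name__ == "__main__":
    for category, items in check_constructed_sample().items():
        print(f"{category}: {', '.join(items) or '-'}")
```

In a real pipeline the baseline inventory would be committed alongside the code and the `added` and `unpinned` lists would gate the build, so that a new component cannot reach production without someone having approved it.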

In this video interview with Information Security Media Group at RSA Conference 2023, Schneider discussed:

  • The potential impact of the national cybersecurity strategy;
  • The implications of software liability on the private sector;
  • Best practices to improve software supply chain security.

Prior to joining Venable, Schneider served as the U.S. deputy federal CISO and the U.S. federal CISO and as senior director for cybersecurity policy on the White House National Security Council. Before that, he served for seven years as chief information officer for the Defense Intelligence Agency.

About the Author

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.
