Proof of Concept: A Guide to Navigating Software Liability
Also: Vendor Self-Attestation vs. Third Parties; Safe Harbor Guidelines
In the latest "Proof of Concept," Chris Hughes, co-founder and CISO, Aquia, joins editors at Information Security Media Group to discuss the nuances of software liability, how organizations are integrating standards development practices, and guidelines for determining when a supplier qualifies for safe harbor.
Anna Delaney, director, productions; Tom Field, vice president, editorial; and Chris Hughes, co-founder and CISO, Aquia, discussed:
- Defining software liability and how frameworks such as the NIST Secure Software Development Framework lay the groundwork for software liability;
- The challenges or advantages that come when vendors self-attest rather than undergoing third-party evaluations;
- How the concept of safe harbor applies to software liability, particularly when a supplier has taken proper precautions but still falls victim to malicious actors.
Hughes, who co-founded Aquia, is the author of "Software Transparency: Supply Chain Security in an Era of a Software-Driven Society." He has nearly 20 years of IT and cybersecurity experience and also spent time as a consultant in the private sector. Hughes is an adjunct professor of cybersecurity at Capitol Technology University and University of Maryland Global Campus, and he co-hosts the "Resilient Cyber" podcast. He participates in the Cloud Security Alliance's Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C.
Don't miss our previous installments of "Proof of Concept", including the Oct. 26 edition on overcoming open-source code security risks and the Nov. 17 edition on assessing the U.S. executive order on AI.