About Cabling Installation & Maintenance

Our mission: Bringing practical business and technical intelligence to today's structured cabling professionals

For more than 30 years, Cabling Installation & Maintenance has provided useful, practical information to professionals responsible for the specification, design, installation and management of structured cabling systems serving enterprise, data center and other environments. These professionals are challenged to stay informed of constantly evolving standards, system-design and installation approaches, product and system capabilities, technologies, as well as applications that rely on high-performance structured cabling systems. Our editors synthesize these complex issues into multiple information products. This portfolio of information products provides concrete detail that improves the efficiency of day-to-day operations, and equips cabling professionals with the perspective that enables strategic planning for networks’ optimum long-term performance.

Throughout our annual magazine, weekly email newsletters and 24/7/365 website, Cabling Installation & Maintenance digs into the essential topics our audience focuses on.

  • Design, Installation and Testing: We explain the bottom-up design of cabling systems, from case histories of actual projects to solutions for specific problems or aspects of the design process. We also look at specific installations using a case-history approach to highlight challenging problems, solutions and unique features. Additionally, we examine evolving test-and-measurement technologies and techniques designed to address the standards-governed and practical-use performance requirements of cabling systems.
  • Technology: We evaluate product innovations and technology trends as they impact a particular product class through interviews with manufacturers, installers and users, as well as contributed articles from subject-matter experts.
  • Data Center: Cabling Installation & Maintenance takes an in-depth look at design and installation workmanship issues as well as the unique technology being deployed specifically for data centers.
  • Physical Security: Focusing on the areas in which security and IT—and the infrastructure for both—interlock and overlap, we pay specific attention to Internet Protocol’s influence over the development of security applications.
  • Standards: Tracking the activities of North American and international standards-making organizations, we provide updates on specifications that are in-progress, looking forward to how they will affect cabling-system design and installation. We also produce articles explaining the practical aspects of designing and installing cabling systems in accordance with the specifications of established standards.

Cabling Installation & Maintenance is published by Endeavor Business Media, a division of EndeavorB2B.


Hidden Risks in Our Software Supply Chain

Originally Posted On: https://blog.axellio.com/hidden-risks-in-our-software-supply-chain

The Hidden Risks in Our Software Supply Chain — What You Don’t Know Will Hurt You

In recent years, securing hardware supply chains for critical infrastructure and defense systems has been a primary focus. However, the software powering these systems presents an equally pressing, yet often overlooked, concern.

There are two fundamental security risks with most software products today:

  • An overreliance on open-source software
  • Use of foreign software programmers and foreign software manufacturers

The last decade has seen a fundamental shift in product development: the extensive use of open-source software. This crowd-sourcing effort has made software development faster and cheaper, and potentially riskier.

One fundamental risk is that you are relying on others to adequately validate that the software is error-free. Since this is done for “free” by the community, the quality of verification ranges from very good to very poor, which leads to unstable and insecure code.

A prime example of this is the Node.js library. According to a 2022 Dark Reading article, researchers at Johns Hopkins University reported that they found 180 different zero-day vulnerabilities that were spread across thousands of Node.js libraries. If you’re not familiar with Node.js, it’s a fairly well distributed set of libraries that were initially created in 2011. With what should have been a large amount of review over 11 years, 180 zero-day flaws is a lot of risk to discover, especially if you are a product manufacturer delivering software solutions to the military or other government departments.

What about all of the other open-source libraries being used? Not only could there be a lot of accidental “ticking time bombs” out there, but there could also be zero-day flaws discovered by bad actors (especially some foreign governments) that are deliberately not reported so that the bad actors can use those flaws at a later date for nefarious purposes.

This issue extends beyond open-source software. The increasing role of Chinese companies in developing software across various sectors, including those deemed critical, raises additional concerns. A study by Fortress Information Security revealed that a staggering 90% of the software products they reviewed for United States electric power companies (which included information technology (IT) and operational technology (OT) products) contained components developed by individuals from either China or Russia.

This involvement creates worries about potential backdoors being intentionally inserted into the software, data exfiltration, or even the capacity to disrupt these systems, particularly during times of conflict. It also highlights a concern that foreign governments could pressure businesses to compromise their software for nefarious purposes. Additionally, individuals acting independently with malicious intentions could introduce vulnerabilities.

Even when the source of the software is known, ensuring its integrity can be challenging. Sophisticated actors can exploit vulnerabilities to gain unauthorized access or manipulate data, compromising sensitive information and disrupting critical operations. The potential consequences of such breaches, particularly in defense, intelligence, and critical infrastructure, could be catastrophic.

So, what can be done about the two problems? Organizations must prioritize working with companies committed to developing and delivering secure, trustworthy software, including those that:

  • Prioritize rigorous security standards and certifications: Look for companies that adhere to internationally recognized security standards like ISO 9001:2015 and possess relevant certifications, such as the DoD Authority to Operate (ATO). Axellio, for example, holds both ISO 9001:2015 certification and DoD Authority to Operate (ATO) for multiple products, demonstrating a commitment to providing secure solutions for sensitive government and defense applications.
  • Focus on domestic development and customization: U.S.-based companies can offer greater transparency and control over the software development process, minimizing reliance on foreign components and reducing potential risks associated with supply chain vulnerabilities. This approach ensures that sensitive code remains within U.S. jurisdiction. Axellio’s focus on domestic development ensures that our software, like the PacketXpress® network intelligence platform, is developed entirely within the U.S.
  • Reduce the use of open-source software: Organizations should develop software internally (where they know the provenance of the code) or seek partners who can provide customizable solutions that meet security requirements. Axellio’s code is primarily homegrown, creating a very secure solution, free of foreign actor backdoors.

So how does the industry move forward? Addressing software supply chain risks requires a multi-faceted approach. We need to implement more rigorous vetting processes, especially for critical systems. Supporting U.S.-based software development for key industries is crucial, as is collaborating to improve security practices. Most importantly, we must raise awareness among decision-makers about the importance of software supply chain security. As we continue to secure our digital infrastructure, we need to remember that the integrity of our software is just as crucial as the hardware it runs on. By prioritizing “Made in America” software and addressing the complex challenges of our global software ecosystem, we can build a more resilient and secure digital future.

 
