
Hidden Risks in Our Software Supply Chain

Originally Posted On: https://blog.axellio.com/hidden-risks-in-our-software-supply-chain

The Hidden Risks in Our Software Supply Chain — What You Don’t Know Will Hurt You

In recent years, securing hardware supply chains for critical infrastructure and defense systems has been a primary focus. However, the software powering these systems presents an equally pressing, yet often overlooked, concern.

There are two fundamental security risks with most software products today:

  • An over-reliance on open-source software
  • Use of foreign software programmers and foreign software manufacturers

The last decade has seen a fundamental product development shift — the extensive use of open-source software. This crowd-sourced effort has made software development cheaper and faster, and potentially riskier.

One fundamental risk is that you are relying on others to adequately validate that the software is error-free. Since this is done for “free” by the community, the verification process can range from being done well to being done very poorly (and every level in between), which leads to unstable and insecure code.

A prime example of this is the Node.js ecosystem. According to a 2022 Dark Reading article, researchers at Johns Hopkins University reported finding 180 different zero-day vulnerabilities spread across thousands of Node.js libraries. If you’re not familiar with Node.js, it’s a widely distributed set of libraries initially created in 2011. With what should have been a large amount of review over 11 years, 180 zero-day flaws represent a lot of risk to discover, especially if you are a product manufacturer delivering software solutions to the military or other government departments.

What about all of the other open-source libraries being used? Not only could there be a lot of accidental “ticking time bombs” out there, but there could also be zero-day flaws discovered by bad actors (especially some foreign governments) that are deliberately not reported so that the bad actors can use those flaws at a later date for nefarious purposes.

This issue extends beyond open-source software. The increasing role of Chinese companies in developing software across various sectors, including those deemed critical, raises additional concerns. A study by Fortress Information Security revealed that a staggering 90% of the software products they reviewed for United States electric power companies (which included information technology (IT) and operational technology (OT) products) contained components developed by individuals from either China or Russia.

This involvement raises concerns about potential backdoors being intentionally inserted into the software, data exfiltration, or even the capacity to disrupt these systems, particularly during times of conflict. It also highlights a concern that foreign governments could pressure businesses to compromise their software for nefarious purposes. Additionally, individuals acting independently with malicious intentions could introduce vulnerabilities.

Even when the source of the software is known, ensuring its integrity can be challenging. Sophisticated actors can exploit vulnerabilities to gain unauthorized access or manipulate data, compromising sensitive information and disrupting critical operations. The potential consequences of such breaches, particularly in defense, intelligence, and critical infrastructure, could be catastrophic.

So, what can be done about the two problems? Organizations must prioritize working with companies committed to developing and delivering secure, trustworthy software, including those that:

  • Prioritize rigorous security standards and certifications: Look for companies that adhere to internationally recognized security standards like ISO 9001:2015 and possess relevant certifications, such as the DoD Authority to Operate (ATO). Axellio, for example, holds both ISO 9001:2015 certification and DoD Authority to Operate (ATO) for multiple products, demonstrating a commitment to providing secure solutions for sensitive government and defense applications.
  • Focus on domestic development and customization: U.S.-based companies can offer greater transparency and control over the software development process, minimizing reliance on foreign components and reducing potential risks associated with supply chain vulnerabilities. This approach ensures that sensitive code remains within U.S. jurisdiction. Axellio’s focus on domestic development ensures that our software, like the PacketXpress® network intelligence platform, is developed entirely within the U.S.
  • Reduce the use of open-source software: Organizations should develop software internally (where they know the provenance of the code) or seek partners who can provide customizable solutions that meet security requirements. Axellio’s code is primarily home-grown, creating a very secure solution, free of foreign actor backdoors.
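As an added example (not code from the original post, and not Axellio's own tooling), the following Python script shows one concrete form the "know the provenance of the code" and "rigorous vetting" recommendations above can take: an audit over a lockfile-style inventory of third-party components. Every package name, version, hash, the approved-registry allowlist and the known-vulnerable list are constructed for illustration, and the JSON shape only loosely follows npm's package-lock.json; an organization would feed in its real lockfile and its own policy lists.

```python
"""
Dependency provenance audit over a constructed lockfile-style inventory.

For each third-party component it checks that the version is exactly
pinned, that an integrity hash is present and well-formed, that the
artifact was resolved from an approved registry, and that the
(name, version) pair is not on a known-vulnerable list.
"""
import json
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample inventory (package names, versions and hashes are invented).
SAMPLE_LOCK = json.dumps({
    "packages": {
        "node_modules/left-pad-ish": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad-ish/-/left-pad-ish-1.3.0.tgz",
            "integrity": "sha512-" + "A" * 86 + "==",
        },
        "node_modules/mystery-util": {
            "version": "^2.0.0",  # a range, not an exact pin
            "resolved": "https://mirror.example.internal/mystery-util-2.0.0.tgz",  # unapproved origin
            # no "integrity" field at all
        },
        "node_modules/old-parser": {
            "version": "0.9.1",
            "resolved": "https://registry.npmjs.org/old-parser/-/old-parser-0.9.1.tgz",
            "integrity": "sha512-" + "B" * 86 + "==",
        },
    }
})

# Policy inputs an organization maintains itself (constructed placeholders here).
APPROVED_REGISTRIES = {"registry.npmjs.org"}
# (name, version) pairs imported from an advisory feed; constructed for the sample.
KNOWN_VULNERABLE = {("old-parser", "0.9.1")}

EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+$")
# Subresource-Integrity style value: algorithm prefix plus base64 digest.
INTEGRITY = re.compile(r"^sha(256|384|512)-[A-Za-z0-9+/]+={0,2}$")


@dataclass
class Finding:
    package: str
    version: str
    problems: list = field(default_factory=list)


def audit_lockfile(lock_json, approved=APPROVED_REGISTRIES, vulnerable=KNOWN_VULNERABLE):
    """Return a Finding for every package that violates the provenance policy."""
    data = json.loads(lock_json)
    findings = []
    for path, meta in data.get("packages", {}).items():
        name = path.split("node_modules/")[-1]
        version = meta.get("version", "")
        problems = []
        if not EXACT_VERSION.match(version):
            problems.append("version not exactly pinned")
        integrity = meta.get("integrity")
        if not integrity or not INTEGRITY.match(integrity):
            problems.append("missing or malformed integrity hash")
        host = urlparse(meta.get("resolved", "")).hostname or ""
        if host not in approved:
            problems.append(f"resolved from unapproved origin '{host or 'unknown'}'")
        if (name, version) in vulnerable:
            problems.append("matches a known-vulnerable version")
        if problems:
            findings.append(Finding(name, version, problems))
    return findings


def summarize(findings):
    """Map package name -> list of problems, convenient for reporting or gating a build."""
    return {f.package: f.problems for f in findings}


if __name__ == "__main__":
    for f in audit_lockfile(SAMPLE_LOCK):
        print(f"{f.package}@{f.version}: " + "; ".join(f.problems))
```

Run as-is, the script reports two of the three constructed packages: `mystery-util` for an unpinned version, a missing hash and an unapproved origin, and `old-parser` for matching the vulnerable list; a clean package produces no output. Failing the build on any finding is the simplest way to turn the vetting step into an enforced gate rather than a manual review.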

So how does the industry move forward? Addressing software supply chain risks requires a multi-faceted approach. We need to implement more rigorous vetting processes, especially for critical systems. Supporting U.S.-based software development for key industries is crucial, as is collaborating to improve security practices. Most importantly, we must raise awareness among decision-makers about the importance of software supply chain security. As we continue to secure our digital infrastructure, we need to remember that the integrity of our software is just as crucial as the hardware it runs on. By prioritizing “Made in America” software and addressing the complex challenges of our global software ecosystem, we can build a more resilient and secure digital future.

