Supply-Chain Attack Threat Management

QUESTIONQuestion

How ~~well is FileWave's product protected against Supply-Chain Attacks? What efforts~~ does FileWave ~~make~~reduce tothe ~~protect~~risk of supply-chain attacks against ~~this~~the ~~threat?~~FileWave product and release process?

ANSWERAnswer

Supply-~~Chain~~chain ~~Attacks~~attacks ~~represent~~are ana ~~attack~~serious ~~vector~~risk ~~that~~for issoftware vendors, especially ~~sensitive to software~~ vendors that ~~produce~~provide ~~systems~~endpoint ~~used~~management inand ~~ITSM.~~IT Asoperations ~~one~~tools. ofFileWave ~~the~~works ~~leading~~to ~~UEM~~reduce ~~vendors~~that inrisk ~~cross-platform~~through ~~device~~a layered approach to product development, component management, ~~FileWave~~build isautomation, ~~constantly~~release ~~working on improving our processes~~delivery, and ~~tooling~~security ~~to make sure that our product is protected against known, material vulnerabilities.~~review.

~~Supply~~A ~~Chain~~supply-chain ~~attacks can be difficult to detect and respond to due to the fact that a vulnerability~~issue can be introduced atin ~~multiple~~more ~~points~~than ~~during~~one ~~the~~place: ~~time~~internal ofsource ~~product~~code, ~~creation,~~a build or release ~~and delivery process and can originate both within the company or come through~~process, a ~~previously trusted, upstream source - e.g.~~ partner ~~product ,~~component, a ~~library~~third-party library, or an ~~OSS~~open-source ~~component.~~dependency. Because of that, FileWave treats supply-chain protection as an ongoing process rather than a single control.

ToFileWave's ~~reduce~~controls ~~the~~focus ~~possibility~~on oflimiting ~~such~~where ~~breach and be able to react quickly, we are pursuing a number of complementary activities, which allow us to control the source of the~~release components ~~and~~come ~~libraries~~from, ~~used in releases, automate the process of~~making the product assembly ~~thus~~process ~~limiting~~repeatable, ~~possibility~~reducing ~~for~~manual ~~human~~release ~~error~~steps where practical, reviewing known material vulnerabilities, and ~~oversight,~~responding ~~and solicit~~to feedback from security ~~experts~~researchers, vendors, customers, and ~~communities.~~the broader security community.

No security process is ~~perfect however,~~perfect, so weFileWave ~~stay~~continues ~~diligent~~to review and ~~always~~improve ~~look for improvements in our~~its tools and ~~processes,~~processes ~~especially in response to ever evolving~~as cybersecurity threats and attack ~~methods.~~methods change.

ADDITIONAL INFORMATION

~~Open Source Software Included in FileWave~~