Eric Geller

Eric Geller @ericgeller

Biden's EO allowed agencies to request extensions for and exemptions from meeting the new requirement to protect "critical software" with certain security measures, but as of July 11, no agency had requested either. (Doesn't mean they're all doing it, though.) https://t.co/mAIy9ZjCQe — PolitiTweet.org

Eric Geller @ericgeller

And even more recently, on July 11, NIST published a summary of all the work it did under section 4 software supply chain security) of of Biden's cyber EO. The report, also sent to the White House, includes recommendations for future work. https://t.co/N9DZwxwkV2 https://t.co/LS5EO5bGIz — PolitiTweet.org

Eric Geller @ericgeller

@emilcDC nope, just wrote it on a lark — PolitiTweet.org

Eric Geller @ericgeller

NIST recently published the report that it sent to the White House summarizing what it learned from its pilot programs on IoT device and software cyber labeling. Short version: Need consumer education, flexibility in labeling schemes, & constant updates. https://t.co/KNIiNev7K6 https://t.co/R58rcVSsnD — PolitiTweet.org

Eric Geller @ericgeller

Hark! 202 Arc: From Marks to Starks — PolitiTweet.org

Eric Geller @ericgeller

@kevincollier @timstarks @Joseph_Marks_ show the evidence! stop the steal! — PolitiTweet.org

Eric Geller @ericgeller

In the days leading up to Jan. 6, Chinese hackers refocused their reconnaissance campaigns on D.C.-based and WH-focused reporters, according to @proofpoint. https://t.co/m3Ahy9ld8v These campaigns have continued, as have similar Turkish, North Korean, and Iranian campaigns. https://t.co/xspFjuo5PC — PolitiTweet.org

Eric Geller @ericgeller

@timstarks Just when you thought you were out of the newsletter game, they pull you back in! 😁 — PolitiTweet.org

Eric Geller @ericgeller

“Never before have the public and private sectors come together for such a rigorous effort to understand what happened in a significant cyber incidents and then to drive improvements," Silvers said. — PolitiTweet.org

Eric Geller @ericgeller

After launching in February, CSRB met with representatives of nearly 80 organizations — from govt agencies and cyber experts to software developers and customers — to gather information for its report. — PolitiTweet.org

Eric Geller @ericgeller

In its report, CSRB criticized a Chinese regulation requiring companies to alert Beijing of security flaws before disclosing them elsewhere. China apparently retaliated against Alibaba after a researcher there broke this rule w/ Log4j. CSRB met with Chinese officials on this. — PolitiTweet.org

Eric Geller @ericgeller

"The open source community...is very enthusiastic [about] security," said CSRB Deputy Chair @argvee, "but they are thinly resourced and they are volunteer based. ... The entities who are using open source software really should be looking to help support that community directly." — PolitiTweet.org

Eric Geller @ericgeller

The recommendations around supporting the open-source community (an early lesson from Log4j https://t.co/jIyIMxSDmf) mirror those in a recent tech coalition report that received support from the White House. https://t.co/hoK3j7v8bD — PolitiTweet.org

Eric Geller @ericgeller

CSRB, an NTSB-like body composed of 15 leading govt and industry experts, recommended more funding for the open-source community, cyber curricula in all college coding classes, improved SBOM tools, regulatory requirements to use CISA guidance, and more. https://t.co/ZqHMZCBTl5 https://t.co/3I7xm2LAFm — PolitiTweet.org

Eric Geller @ericgeller

New: Log4J vulns will remain an "endemic" problem, w/ unpatched systems lingering for years, DHS's Cyber Safety Review Board said in its 1st report. CSRB chair @DHS_Policy called it “one of the most serious software vulnerabilities in history." My story: https://t.co/Dm7R1ZqiLh — PolitiTweet.org

Eric Geller @ericgeller

omg — PolitiTweet.org

Eric Geller @ericgeller

From @IST_org: "We estimate that in 2021 there were well over 4,000 documented ransomware incidents involving at least 60 ransomware 'families', impacting organizations in 109 countries." https://t.co/TygUhUOzTx https://t.co/bPfduTZG9l — PolitiTweet.org

Eric Geller @ericgeller

some good news today — PolitiTweet.org

Eric Geller @ericgeller

@nicksologist innocent — PolitiTweet.org

Eric Geller @ericgeller

@ChloeAngyal @darth the expressiveness — PolitiTweet.org

Eric Geller @ericgeller

@EWAEmily @darth I will gladly take the dog — PolitiTweet.org

Eric Geller @ericgeller

@EWAEmily @darth OMG — PolitiTweet.org

Eric Geller @ericgeller

I would be very interested to know what the WSJ's comms team tells reporters who ask them about this today. — PolitiTweet.org

Eric Geller @ericgeller

"Ohio Attorney General Dave Yost...questioned the validity of the account during an appearance on Fox News this week. ... "On Wednesday, once news of the arraignment came, Yost issued a single sentence statement: "'We rejoice anytime a child rapist is taken off the streets.'" — PolitiTweet.org

Eric Geller @ericgeller

broken country — PolitiTweet.org

Eric Geller @ericgeller

TOO SOON — PolitiTweet.org

Eric Geller @ericgeller

@josephmenn @ShaneHuntley @JohnHultquist same — PolitiTweet.org

Eric Geller @ericgeller

cool cool cool normal-brained stuff excellent very healthy — PolitiTweet.org

Eric Geller @ericgeller

👀 — PolitiTweet.org

Eric Geller @ericgeller

@DavidAgranovich @lorenzofb https://t.co/rNkDp8zAMg — PolitiTweet.org