• ‰ § ¶ ‡ µ ¢ © «» × ÷ Þ þ
————————————————————————————————————————————————————————————————

\laptop\electrical\siteground\robust.txt  scrupulous  ethical 

title: the supply chain has compromised by anonymous third party components

•••

In light of the growing misuse of the intenet by nation state rogues
intruding in servers accross the world, increased discipline will
be required in order to avoid catastrophe.
ref: https://www.cyberscoop.com/tag/supply-chain-security/

There is no single solution for the myrad of vulnerabilities that have
creeped into the computer branch of learning; everything needs to
be redeveloped constrained by every disciplined caution available.

The commercial security companies are focused on putting out fires, their
money does not necessarily come from preventing fires.

vulnerabilities:
  https://owasp.org/www-project-top-ten/
  https://www.guru99.com/web-security=vulnerabilities.html
  https://codedx.com/blog/dont-risk-being-the-next-solarwinds-software-supply-chain-security-and-risk-management/
    Application Vulnerability Management
    research funded by the Department of Homeland Security, Science and Technology Directorate’s 
                           Small Business Initiative Research (SBIR) program
    thousands of new vulnerabilities are disclosed each year

precautions:
  avoid vulnerabilities, remove bloatware 
  avoid using unneeded features, e.g. graphical user interface
  use a rare operating system
   https://www.russharvey.bc.ca/resources/windowssecurity.html#winalts
  avoid compromized supply chains where anonymous inclusions may have been used  
   https://www.cyberscoop.com/tag/supply-chain-security/
  avoid active features in data files: e.g. *.ppt
  regular checksum integrity checking of executable files
  study the third party testing that has been done
   https://www.commoncriteriaportal.org/products/
   https://gartner.com/  (reserved for paying clients)
  when not needing the internet unplug the ethernet cable or turn off the computer
   https://en.wikipedia.org/wiki/Botnet
   https://techcrunch.com/2019/09/01/police-botnet-takedown-infections/ 

authority:
https://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

ref:
https://en.wikipedia.org/wiki/Category:Computer_security_organizations
 https://owasp.org/www-project-top-ten/  guru99.com
 https://www.stopbadware.org/best-practices
https://en.wikipedia.org/wiki/Category:Computer_security_companies
  https://en.wikipedia.org/wiki/Category:Spyware_removal
  https://en.wikipedia.org/wiki/Malicious_Software_Removal_Tool
  https://listoffreeware.com/best-free-bloatware-remover-for-windows/

————————————————————————————————————————————————————————————————

Another issue is top down object orientation and bottom up, abstract layers 
of proceedural functions.  Top down is useful for supervisors who need an
overview but who are incapable of comprehending layers of abstraction and 
need to provide direction in order to reach a useful goal.  However, a 
bottom up understanding is necessary for a complete understanding of any 
complex system. 

https://searchapparchitecture.techtarget.com/definition/object-oriented-programming-OOP
https://searchdatamanagement.techtarget.com/definition/data-modeling
  https://en.wikipedia.org/wiki/Object-oriented_programming