Tag Archives: supply

Procurement transformation a main focus at CPO Rising Summit

BOSTON — Corporate procurement and supply chain operations must undergo a modern digital transformation, or the companies will be left behind.

This procurement transformation will be driven by real-time processes and next-generation technologies that allow procurement professionals to see what’s ahead and react immediately to any changes in the conditions, according to Tom Linton, chief procurement officer and supply chain officer for Flex, a company that designs and builds intelligent devices for a variety of industries.

Linton spoke at the CPO Rising Summit, a conference for procurement and supply chain professionals sponsored by the research firm Ardent Partners.

“We have to operate in real time and have systems and business processes that operate in real time, because the velocity of the business is going to continue to get faster,” Linton said. “Everything, whether you’re looking at technology or medicine or information systems, is moving faster. If we can’t communicate or conduct business in real time, we actually consider ourselves failing or falling behind.”

Every generation of every product today is smarter than the one that came before, Linton explained, and the average generational change is just nine months. Procurement needs to keep up with this increase in intelligence and start to take advantage of the new opportunities.

“How do we operate in an age of intelligence?” Linton asked. “How do we operate in a world which is not about the internet of things, because the things themselves are getting more intelligence? How do you develop a system of intelligence in procurement that helps us identify where we are in this progression?”

Visualization helps show where you’re going

One way to do this is through visualization, where information is presented in more digestible ways for procurement.

“What if everything you need to know about your business is available to you in the same time that you can open Uber on your smartphone?” Linton asked.

Flex built a procurement environment, called Flex Pulse, which uses a 100-foot wall of interactive monitors that display up to 58 applications that tell what’s going on with purchases and transactions in real time, according to Linton.

“The idea with Flex Pulse is to take that data and actually make it actionable,” Linton said. “It’s not doing anything truly different; it’s just taking information and restructuring it to make it more digestible for the users.”

The need for the procurement transformation to get up to speed was echoed at a subsequent expert panel.

Need to build trust in transactions

Mike Palackdharry, president and CEO of Aquiire, a Cincinnati-based B2B purchasing and supply chain process technology company, said real-time and next-generation technologies will drive the transformation.

“Things like blockchain, machine learning, AI and natural language processing are all about increasing the speed, the transparency and the trust within the supply chain. And all of that is about real time and how we create communications between buyers and sellers in real time, where we can trust the transaction and the accuracy of the data,” Palackdharry said.

The ultimate goal will be to provide systems that guide buyers to where you want them to go.

“It’s about how you use all of this real-time information that you’re gathering to guide your users to the items that you want them to buy,” said Paul Blake, technology product marketing leader for GEP, a provider of procurement technology in Clark, N.J. “It’s not just about cost savings; it’s about all the value you can bring into the supply chain and how we guide the users to those items.”

Procurement software will need to be fully functional to allow users to do everything they need to do, but underlying complexity must fall under a simple user experience, according to Blake.

“Increasingly, because of our changing expectations and innovations in technology, it has to be able to be used in the same way as all the other technologies around us,” Blake said. “The user experience, ease of use, seamless and formless interface with the technology is a major driving force in what’s going to deliver value in the future. It’s simplicity and complexity represented in the single whole — difficult to achieve, but that’s where I see it going today.”

The future is now — maybe

However, Blake cautioned the procurement transformation may not happen in the immediate future.

“In the 1990s, there were major corporations that said, ‘We think we need software that helps us to buy stuff more effectively.’ And today, there are still corporations saying the same thing,” Blake said. “There’s enormous inertia in the corporate world toward adopting new technologies, not because there isn’t the will to do something or the technology isn’t there, but because it’s extremely difficult to change. If you have a supertanker of a mammoth corporation, you need 100 miles to slow down and change direction.”

The procurement transformation is interesting and has potential, but real time may not be quite ready for the real world of procurement today, according to conference attendee Lynn Meltzer, director of sourcing for Staples, the office supply retailer based in Framingham, Mass.

Staples transitioned from a largely paper- and spreadsheet-based procurement system to Coupa, a cloud-based procurement SaaS platform, in the past year, Meltzer said.

“If you are just now getting a procure-to-pay system and you’re working to pull in your processes and your data and get there, then the timeline is highly compressed from where you are today to what they’re saying about the next 10 years,” she said. “It doesn’t mean that it can’t happen; you’ve just got to show the value and senior management fully buys in.”

It will be important to define the next step on the procurement transformation journey, said Jaime Steele, Staples’ senior director of procurement operations, and that probably won’t involve advanced AI or blockchain yet.

“The next step, not only for us but in the procurement industry, is that you’ve got to punch this out to every system and company next,” Steele said. “So, the realistic next step might be a simple chatbot, and nobody has done that well yet, so you need to solve the more basic things first.”

Meltzer agreed that certain basic things need to be taken care of before procurement organizations can use technology like blockchains.

“When you think about blockchain, you can’t move yourself to that until you figure how you can get that into a place where a robot can grab it or AI can figure out how to make some kind of decision on it,” she said. “I think those are some of the things that need to get sorted through, and it’s going to take a little bit of time. I would probably put it in five to 10 years, but I don’t see full automation getting in there anytime soon.”

Wanted – Raspberry pi3

Hey

I’m after a raspberry pi 3. Preferably with power supply and case.

Wasn’t sure which section to put this in, please move if needed.

What have you got for me.

Location: Manchester

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – 1000W EVGA SuperNOVA 1000 T2, Full Modular, 80 PLUS Titanium, SLI/CrossFire 10Yr Warranty

Hi,
A sealed and therefore unused EVGA power supply for sale.

This is an RMA replacement for a lower spec 1000 G2, which was having issues for me.

This is simply overkill for my needs, but if you are looking for the ultimate power supply for a gaming rig, this will certainly fit the bill for you.

Cheers, Lee

Price and currency: 200
Delivery: Delivery cost is included within my country
Payment method: Bank Transfer or Paypal gift
Location: Sunderland, North East England
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

CCleaner malware spread via supply chain attack

Researchers discovered a popular system maintenance tool was the victim of a supply chain attack that put potentially millions of users at risk of downloading a malicious update.

CCleaner is a tool designed to help consumers perform basic PC maintenance functions like removing cached files, browsing data and defragmenting hard drives. CCleaner is made by Piriform Ltd., a UK-based software maker that was acquired by antivirus company Avast Software in July. The compromised update of the tool was first discovered by Israeli endpoint security firm Morphisec following an investigation that began on Sept. 11th, but the company claims it began blocking the CCleaner malware at customer sites on Aug. 20th.

“A backdoor transplanted into a security product through its production chain presents a new unseen threat level which poses a great risk and shakes customers’ trust,” wrote Michael Gorelik, vice president of research and development at Morphisec, in a blog post. “As such, we immediately, as part of our responsible disclosure policy, contacted Avast and shared all the information required for them to resolve the issue promptly. Customers’ safety is our top concern.”

The CCleaner malware gathered information about systems and transmitted it to a command and control (C&C) server; it was reportedly downloaded by users for close to one month from August 15 to September 12, according to Morphisec. However, Avast noted that the CCleaner malware was limited to running on 32-bit systems and would only run if the affected user profile had administrator privileges.

Avast said CCleaner claims to have more than 2 billion downloads and adds new users at a rate of 5 million per week, but because only the 32-bit and cloud versions of CCleaner were compromised, the company estimated just 2.27 million users were affected.

Impact of the CCleaner malware

A team of researchers at Cisco Talos, which included Edmund Brumaghin, threat researcher, Ross Gibb, senior information security analyst, Warren Mercer, technical leader, Matthew Molyett, research engineer, and Craig Williams, senior technical leader, discovered and analyzed the CCleaner malware soon after Morphisec. According to the Cisco Talos team, Avast unwittingly distributed legitimate signed versions of CCleaner and CCleaner Cloud which “contained a multi-stage malware payload that rode on top of the installation.”

“This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates,” Talos researchers wrote in their analysis. “In many organizations data received from commonly software vendors rarely receives the same level of scrutiny as that which is applied to what is perceived as untrusted sources. Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected.”

James Maude, senior security engineer for Avecto, a privilege management software maker, said it was especially concerning that the CCleaner malware included the official code signature from Avast.

“Given that CCleaner is designed to be installed by a user with admin rights, and the malware was not only embedded within it but also signed by the developer’s own code signing certificate (giving it a high level of trust), this is pretty dangerous,” Maude told SearchSecurity via email. “This means that the malware, and therefore the attacker, would have complete control of the system and the ability to access almost anything they wanted. What makes this attack particularly worrying is the volume of downloads this software receives leaving a huge number of users exposed.”

Itsik Mantin, director of security research at security software company Imperva, said the CCleaner malware incident shows “there’s not much users can do when the vendor gets infected.”

“This hack creates a new reality where users need to assume that their desktops, laptops and smartphones are infected, which has been the reality for security officers at organizations in the last years,” Mantin told SearchSecurity. “For organizations, this does not really matter as security officers are accustomed to the reality that they should always assume the attackers are in, are looking for ways to spread the infection within the organization and are searching for business sensitive data to steal or corrupt.”

Avast response to the CCleaner malware incident

Vince Steckler, CEO of Avast Software, and Ondřej Vlček, executive vice president and general manager of the consumer business unit, released a statement saying the company remediated the issue within 72 hours of becoming aware of the problem by releasing a clean update without the malware. They also stated Avast is working with law enforcement to shut down the CCleaner malware C&C server on Sept. 15th.

The Avast execs downplayed their company’s involvement by saying they “strongly suspect that Piriform was being targeted while they were operating as a standalone company, prior to the Avast acquisition,” and that the compromise “may have started on July 3rd,” two weeks before Avast’s acquisition of Piriform was complete. Avast also claimed the compromised update took four weeks to discover due to “the sophistication of the attack.”

Avast asserted users “should upgrade even though they are not at risk as the malware has been disabled on the server side,” and claimed it was unnecessary to follow the suggestions by Talos and other experts to restore systems to a date before Aug. 15, 2017 to ensure removal of the CCleaner malware.

“Based on the analysis of this data, we believe that the second stage payload never activated, i.e. the only malicious code present on customer machines was the one embedded in the ccleaner.exe binary,” Steckler and Vlček wrote. “Therefore, we consider restoring the affected machines to the pre-August 15 state unnecessary. By similar logic, security companies are not usually advising customers to reformat their machines after a remote code execution vulnerability is identified on their computer.”

Supply chain attacks

Experts said the CCleaner malware incident should be a reminder of the dangers of supply chain attacks.

Marco Cova, senior security researcher at malware protection vendor Lastline, said the recent NotPetya attacks were another case of a supply chain attack “where an otherwise trusted software vendor gets compromised and the update mechanism of the programs they distribute is leveraged to distribute malware.”

“This is sort of a holy grail for malware authors because they can efficiently distribute their malware, hide it in a trusted channel, and reach a potentially large number of users,” Cova told SearchSecurity. “It appears that the build process of CCleaner itself was compromised: that is, attackers had access to the infrastructure used to build the software itself. This is very troublesome because it indicates that attackers were able to control a critical piece of the infrastructure used by the vendor.”

Jonathan Cran, vice president of product at Bugcrowd, told SearchSecurity the CCleaner malware issue appeared to be “less of a traditional supply chain attack and more of a case of poor vendor security. Given that the affected installer was signed as a verified safe binary by Piriform, this indicates that they didn’t realize at the time of release and that the corporate network of Piriform was likely compromised.”

Justin Fier, director for cyber intelligence and analysis at threat detection company Darktrace, said this “should come as yet another wake-up call that corporations must have visibility into how their suppliers interact with their systems, as well as a real-time assessment of their suppliers’ cyber risk.”

“The risk that companies inherit from their suppliers is a pervasive problem for cybersecurity. Quite simply, companies with a supply chain cannot avoid compromises — supply chain breaches are inevitable,” Fier told SearchSecurity. “The assessment of potential supply chain partners is often a rushed process in terms of evaluating their cyber security level, and is rarely as in-depth as it should be. While we can’t change the security posture of our supply chains, we can have a transparent relationship when it comes to cyber risk.”

For Sale – 1000W EVGA SuperNOVA 1000 T2, Full Modular, 80 PLUS Titanium, SLI/CrossFire 10Yr Warranty

Hi,
A sealed and therefore unused EVGA power supply for sale.

This is an RMA replacement for a lower spec 1000 G2, which was having issues for me.

This is simply overkill for my needs, but if you are looking for the ultimate power supply for a gaming rig, this will certainly fit the bill for you.

Cheers, Lee

Price and currency: 240
Delivery: Delivery cost is included within my country
Payment method: Bank Transfer or Paypal gift
Location: Sunderland, North East England
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference
