#software-supply-chain

cybersecurity
Theregister
5 days ago
Information security

Software supply chain security still in early days, says CEO

Software supply chain vulnerabilities are increasing due to reliance on untrusted sources, requiring better management and vetting processes.
DevOps.com
2 months ago
Privacy professionals

Survey: Cyberattacks Aimed at Software Supply Chains are Pervasive - DevOps.com

91% of organizations have experienced a software supply chain incident in the past year.
Zero-day exploits and misconfigured cloud services are the most common attack vectors.
Nextgov.com
3 months ago
Privacy professionals

US regulators have done little to address firmware vulnerabilities, think tank argues

Firmware in devices is frequently exposed to security risks but has not received enough attention from lawmakers and federal officials.
Firmware-linked cyberattacks are often harder to detect and remove compared to software cyberattacks.
CyberScoop
4 months ago
Privacy professionals

CISA urges vendors to get rid of default passwords

The Cybersecurity and Infrastructure Security Agency is urging vendors to eliminate default passwords in their products following a hacking spree on water facilities.
CISA has warned about the use of default passwords for internet-facing devices for years, highlighting the potential harm caused by manufacturers distributing products with static default passwords.
DevOps.com
5 months ago
Privacy professionals

CISA, NSA Issue Supply Chain Security Guidance Report - DevOps.com

The NSA, ODNI, and CISA have issued guidance to improve software integrity and security.
The guidance focuses on the software supply chain and addresses potential risks.
Open source software management and software bills of materials (SBOM) are emphasized as best practices.
Developer Tech News
2 weeks ago
Information security

GitHub's 2FA rollout boosts supply chain security

GitHub implemented mandatory 2FA for code contributors to enhance software supply chain security.
DevOps.com
2 months ago
Information security

ReversingLabs Applies AI to Better Secure Application Binaries - DevOps.com

ReversingLabs has launched Spectra Assure, a binary analysis tool that uses machine learning to identify risks in software packages.
The tool can analyze the entire software package, including first-, second-, and third-party components, to identify potential threats.
Spectra Assure is designed for both software producers and organizations that deploy software, filling a gap in the software supply chain.
DevOps.com
3 months ago
Information security

Cycode Discloses GitHub Actions Vulnerability in Google Bazel Project - DevOps.com

Researchers discovered a command injection vulnerability in GitHub Actions used to update the Bazel project.
The vulnerability could have allowed the insertion of malicious code into the codebase managed by Google.
Talkpython
2 weeks ago
Python

Software Supply Chain Security with Phylum

The article discusses the importance of ensuring security in software supply chains, with insights from an industry expert.
DevOps.com
2 months ago
Privacy professionals

Techstrong Research: Combatting CI/CD Security Anti-Patterns - DevOps.com

The security of software supply chains and CI/CD pipelines is crucial in modern software delivery processes.
Identifying and rectifying CI/CD security anti-patterns is vital to protect against potential breaches and attacks.