#software-supply-chain

#open-source

Stacklok donates its Minder supply chain security project to the OpenSSF | TechCrunch

Stacklok donates Minder to OpenSSF, aiming to enhance open-source security through proactive checks and policies combined with cryptographic signing.

Socket lands a fresh $40M to scan software for security flaws | TechCrunch

The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.

Sonatype Report Surfaces Software Supply Chain Security Challenges - DevOps.com

There has been a 156% increase in malicious open source packages, indicating significant risk for developers.

Software supply chain security still in early days, says CEO

Software supply chain vulnerabilities are increasing due to reliance on untrusted sources, requiring better management and vetting processes.

Meta Measures Developer Productivity via Software Supply Chains

Developer productivity should focus on impact rather than speed or quantity of code.
A holistic approach can better measure productivity through the software supply chain.
#cybersecurity
from Securitymagazine, 3 weeks ago (Information security)

Guarding Democracy: The software supply chain's role in elections

Voter confidence in the election process is dangerously low, emphasizing the importance of election security.
The vulnerabilities in software supply chains pose a serious threat to the integrity of the voting system.

UK Public sector at risk from supply chain attacks, new report warns

UK public sector organizations are highly vulnerable to cyberattacks due to limited visibility into their software supply chains.

Combating cyber threats with zero trust and supply chain security

The cyber threat landscape is increasingly complex, necessitating a zero-trust security approach and strong identity management to mitigate risks.

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

Cybersecurity researchers have found malicious Python packages targeting developers disguised as coding assessments, part of an ongoing campaign linked to the Lazarus Group.

Lineaje raises $20M to help organizations combat software supply chain threats | TechCrunch

Supply chain attacks on software are rampant, with financial implications and national security concerns.

Survey: Cyberattacks Aimed at Software Supply Chains are Pervasive - DevOps.com

91% of organizations have experienced a software supply chain incident in the past year.
Zero-day exploits and misconfigured cloud services are the most common attack vectors.
#vulnerabilities

SBOM as a Cornerstone of Secure Software Development - DevOps.com

SBOMs enhance software security by providing transparency and traceability of all components within software applications.

Report: High Risks to Software Supply Chains are Commonplace - DevOps.com

95% of organizations have critical risks in their software supply chain.

Study highlights secure software supply chain best practices | Computer Weekly

IT decision-makers prioritize improving software supply chain security in response to rising concerns about supply chain attacks.
#devsecops

Endor Labs Adds Analytics and Patching Tools to Secure Open Source Software - DevOps.com

Endor Labs introduced analytics to assess challenges in upgrading open source packages, aiding DevSecOps in making informed decisions.

Techstrong Research: Combatting CI/CD Security Anti-Patterns - DevOps.com

The security of software supply chains and CI/CD pipelines is crucial in modern software delivery processes.
Identifying and rectifying CI/CD security anti-patterns is vital to protect against potential breaches and attacks.

GitLab devsecops survey finds progress, new priorities

Organizations prioritize investments in AI, security, and automation, focusing on software supply chain security.
#vulnerability-management

Lineaje Adds Module to Manage Open Source Software Security Lifecycle - DevOps.com

Lineaje's Open Source Manager (OSM) with AI helps prioritize remediation efforts for DevOps teams.

Cycode Discloses GitHub Actions Vulnerability in Google Bazel Project - DevOps.com

Researchers discovered a command injection vulnerability in GitHub Actions used to update the Bazel project.
The vulnerability could have allowed the insertion of malicious code into the codebase managed by Google.
#security

GitHub's 2FA rollout boosts supply chain security

GitHub implemented mandatory 2FA for code contributors to enhance software supply chain security.

Software Supply Chain Security with Phylum

The article discusses the importance of ensuring security in software supply chains, with insights from an industry expert.

GitHub Artifact Attestations now generally available

Artifact Attestations ensure integrity of artifacts in GitHub Actions by linking them to source code and build instructions.

ReversingLabs Applies AI to Better Secure Application Binaries - DevOps.com

ReversingLabs has launched Spectra Assure, a binary analysis tool that uses machine learning to identify risks in software packages.
The tool can analyze the entire software package, including first-, second-, and third-party components, to identify potential threats.
Spectra Assure is designed for both software producers and organizations that deploy software, filling a gap in the software supply chain.