#software-supply-chain

#cybersecurity

UK Public sector at risk from supply chain attacks, new report warns

UK public sector organizations are highly vulnerable to cyberattacks due to limited visibility into their software supply chains.

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

Cybersecurity researchers have found malicious Python packages targeting developers disguised as coding assessments, part of an ongoing campaign linked to the Lazarus Group.

Open source malware surged by 156% in 2024

The rise of open source malware presents significant risks to software supply chains, with a staggering increase in malicious packages identified.

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

A software supply chain attack on npm packages has persisted for over a year, embedding malware that steals data and mines cryptocurrency.

Survey: Cyberattacks Aimed at Software Supply Chains are Pervasive - DevOps.com

91% of organizations have experienced a software supply chain incident in the past year
Zero-day exploits and misconfigured cloud services are the most common attack vectors

Combating cyber threats with zero trust and supply chain security

The cyber threat landscape is increasingly complex, necessitating a zero-trust security approach and strong identity management to mitigate risks.

#devsecops

Techstrong Research: Combatting CI/CD Security Anti-Patterns - DevOps.com

The security of software supply chains and CI/CD pipelines is crucial in modern software delivery processes.
Identifying and rectifying CI/CD security anti-patterns is vital to protect against potential breaches and attacks.

OpenText Allies With Secure Code Warrior to Improve Application Security - DevOps.com

OpenText and Secure Code Warrior simplify learning for developers on DevSecOps best practices and streamline security training access.

Endor Labs Adds Analytics and Patching Tools to Secure Open Source Software - DevOps.com

Endor Labs introduced analytics to assess challenges in upgrading open source packages, aiding DevSecOps in making informed decisions.

GitLab devsecops survey finds progress, new priorities

Organizations prioritize investments in AI, security, and automation, focusing on software supply chain security.

#open-source

Socket lands a fresh $40M to scan software for security flaws | TechCrunch

The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.

Sonatype Report Surfaces Software Supply Chain Security Challenges - DevOps.com

There has been a 156% increase in malicious open source packages, indicating significant risk for developers.

U.S. is the top generator of anonymous open source contributions

The U.S. and Russia are the biggest contributors to open source projects, which carry significant vulnerabilities.

Stacklok donates its Minder supply chain security project to the OpenSSF | TechCrunch

Stacklok donates Minder to OpenSSF, aiming to enhance open-source security through proactive checks and policies combined with cryptographic signing.


Meta Measures Developer Productivity via Software Supply Chains

Developer productivity should focus on impact rather than speed or quantity of code.
A holistic approach can better measure productivity through the software supply chain.

#vulnerabilities

Report: High Risks to Software Supply Chains are Commonplace - DevOps.com

95% of organizations have critical risks in their software supply chain.

SBOM as a Cornerstone of Secure Software Development - DevOps.com

SBOMs enhance software security by providing transparency and traceability of all components within software applications.


Study highlights secure software supply chain best practices | Computer Weekly

IT decision-makers prioritize improving software supply chain security in response to rising concerns about supply chain attacks.

#vulnerability-management

Cycode Discloses GitHub Actions Vulnerability in Google Bazel Project - DevOps.com

Researchers discovered a command injection vulnerability in GitHub Actions used to update the Bazel project.
The vulnerability could have allowed the insertion of malicious code into the codebase managed by Google.

Lineaje Adds Module to Manage Open Source Software Security Lifecycle - DevOps.com

Lineaje's Open Source Manager (OSM) with AI helps prioritize remediation efforts for DevOps teams.

#security

GitHub Artifact Attestations now generally available

Artifact Attestations ensure integrity of artifacts in GitHub Actions by linking them to source code and build instructions.

Software Supply Chain Security with Phylum

The article discusses the importance of ensuring security in software supply chains, with insights from an industry expert.

GitHub's 2FA rollout boosts supply chain security

GitHub implemented mandatory 2FA for code contributors to enhance software supply chain security.


ReversingLabs Applies AI to Better Secure Application Binaries - DevOps.com

ReversingLabs has launched Spectra Assure, a binary analysis tool that uses machine learning to identify risks in software packages.
The tool can analyze the entire software package, including first-, second-, and third-party components, to identify potential threats.
Spectra Assure is designed for both software producers and organizations that deploy software, filling a gap in the software supply chain.