JFrog makes big splash on Nvidia lilypad
JFrog integrates with Nvidia to enhance AI capabilities and improve software supply chain security for ML models.

Lineaje Adds Module to Manage Open Source Software Security Lifecycle - DevOps.com
Lineaje's Open Source Manager (OSM) with AI helps prioritize remediation efforts for DevOps teams.

GitLab devsecops survey finds progress, new priorities
Organizations prioritize investments in AI, security, and automation, focusing on software supply chain security.
OpenSSF Defines Baseline for Securing Open Source Software - DevOps.com
OpenSSF's OSPS Baseline aims to enhance security for small open source teams. It provides attainable security practices based on established standards.

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads
A malicious Python library on PyPI allows unauthorized music downloads from Deezer, posing risks to users and violating Deezer's terms.

UK Public sector at risk from supply chain attacks, new report warns
UK public sector organizations are highly vulnerable to cyberattacks due to limited visibility into their software supply chains.

Security leaders weigh in on Biden's new cybersecurity executive order
The Biden Administration's new cyber executive order aims to strengthen national cybersecurity across various critical areas.

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware
Cybersecurity researchers have found malicious Python packages targeting developers disguised as coding assessments, part of an ongoing campaign linked to the Lazarus Group.

Open source malware surged by 156% in 2024
The rise of open source malware presents significant risks to software supply chains, with a staggering increase in malicious packages identified.
Cloudsmith raises $23M to improve software supply chain security | TechCrunch
Cloudsmith aims to improve software supply chain security by providing a robust artifact management platform.

OpenText Allies With Secure Code Warrior to Improve Application Security - DevOps.com
OpenText and Secure Code Warrior simplify learning for developers on DevSecOps best practices and streamline security training access.

Endor Labs Adds Analytics and Patching Tools to Secure Open Source Software - DevOps.com
Endor Labs introduced analytics to assess challenges in upgrading open source packages, aiding DevSecOps in making informed decisions.
Socket lands a fresh $40M to scan software for security flaws | TechCrunch
The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.

Sonatype Report Surfaces Software Supply Chain Security Challenges - DevOps.com
There has been a 156% increase in malicious open source packages, indicating significant risk for developers.

U.S. is the top generator of anonymous open source contributions
The U.S. and Russia are the largest sources of anonymous open source contributions, which carry significant vulnerabilities.

Stacklok donates its Minder supply chain security project to the OpenSSF | TechCrunch
Stacklok donates Minder to OpenSSF, aiming to enhance open-source security through proactive checks and policies combined with cryptographic signing.
Meta Measures Developer Productivity via Software Supply Chains
Developer productivity should focus on impact rather than speed or quantity of code. A holistic approach can better measure productivity through the software supply chain.

Report: High Risks to Software Supply Chains are Commonplace - DevOps.com
95% of organizations have critical risks in their software supply chain.

SBOM as a Cornerstone of Secure Software Development - DevOps.com
SBOMs enhance software security by providing transparency and traceability of all components within software applications.
Study highlights secure software supply chain best practices | Computer Weekly
IT decision-makers prioritize improving software supply chain security in response to rising concerns about supply chain attacks.

GitHub Artifact Attestations now generally available
Artifact Attestations ensure the integrity of artifacts built in GitHub Actions by linking them to their source code and build instructions.

Software Supply Chain Security with Phylum
The article discusses the importance of ensuring security in software supply chains, with insights from an industry expert.

GitHub's 2FA rollout boosts supply chain security
GitHub implemented mandatory 2FA for code contributors to enhance software supply chain security.
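As an added illustration of the Artifact Attestations item above (this is example configuration written for this page, not code from GitHub or from any article listed here), the workflow below builds an artifact and has the official attest-build-provenance action record a signed provenance statement for it. The repository name, the build command and the artifact path are placeholders; the permissions block is what the action needs to obtain an OIDC token and write the attestation.

```yaml
# Example workflow (added for this page, not from the original article).
# Placeholders: the build command and dist/app.tar.gz are assumptions.
name: build-and-attest

on:
  push:
    tags: ["v*"]

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # check out the source
      id-token: write       # mint the OIDC token that identifies this workflow run
      attestations: write   # store the signed provenance with the repository
    steps:
      - uses: actions/checkout@v4

      - name: Build the release artifact (placeholder command)
        run: make dist        # assumed to produce dist/app.tar.gz

      # Signs a SLSA provenance statement for the artifact and links it to
      # this commit, workflow file and run; the statement is stored by GitHub.
      - name: Attest build provenance
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: dist/app.tar.gz

      - uses: actions/upload-artifact@v4
        with:
          name: app
          path: dist/app.tar.gz
```

On the consuming side the check is `gh attestation verify dist/app.tar.gz --repo OWNER/REPO` (or `--owner OWNER` to accept any repository in the organization), which recomputes the artifact digest and rejects the file if no attestation from that repository's workflow matches it. The caveat a practitioner should keep in mind: the attestation proves which workflow built the bytes, not that the source it built from was reviewed or free of malicious dependencies, so it complements rather than replaces dependency scanning and 2FA on contributor accounts.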