#software-supply-chain

[ follow ]
#cybersecurity
Software development
fromDevOps.com
2 months ago

OpenSSF Defines Baseline for Securing Open Source Software - DevOps.com

OpenSSF's OSPS Baseline aims to enhance security for small open source teams.
It provides attainable security practices based on established standards.
Information security
fromThe Hacker News
2 months ago

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

A malicious Python library on PyPI allows unauthorized music downloads from Deezer, posing risks to users and violating Deezer's terms.
Information security
fromchannelpro
6 months ago

UK Public sector at risk from supply chain attacks, new report warns

UK public sector organizations are highly vulnerable to cyberattacks due to limited visibility into their software supply chains.
Information security
fromThe Hacker News
7 months ago

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

Cybersecurity researchers have found malicious Python packages targeting developers disguised as coding assessments, part of an ongoing campaign linked to the Lazarus Group.
Information security
fromThe Hacker News
5 months ago

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

A software supply chain attack on npm packages has persisted for over a year, embedding malware that steals data and mines cryptocurrency.
Software development
fromDevOps.com
2 months ago

OpenSSF Defines Baseline for Securing Open Source Software - DevOps.com

OpenSSF's OSPS Baseline aims to enhance security for small open source teams.
It provides attainable security practices based on established standards.
Information security
fromThe Hacker News
2 months ago

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

A malicious Python library on PyPI allows unauthorized music downloads from Deezer, posing risks to users and violating Deezer's terms.
Information security
fromchannelpro
6 months ago

UK Public sector at risk from supply chain attacks, new report warns

UK public sector organizations are highly vulnerable to cyberattacks due to limited visibility into their software supply chains.
Information security
fromThe Hacker News
7 months ago

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

Cybersecurity researchers have found malicious Python packages targeting developers disguised as coding assessments, part of an ongoing campaign linked to the Lazarus Group.
Information security
fromThe Hacker News
5 months ago

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

A software supply chain attack on npm packages has persisted for over a year, embedding malware that steals data and mines cryptocurrency.
more#cybersecurity
#vulnerabilities
Information security
fromTechzine Global
1 month ago

AI is making the software supply chain more perilous than ever

The JFrog report highlights security risks in the software supply chain, detailing threats from vulnerabilities, malicious packages, exposed secrets, and human error.
fromSecuritymagazine
5 months ago
Information security

U.S. is the to generator of anonymous open source contributions

The U.S. and Russia are the biggest contributors to open source projects, which carry significant vulnerabilities.
Information security
fromTechzine Global
1 month ago

AI is making the software supply chain more perilous than ever

The JFrog report highlights security risks in the software supply chain, detailing threats from vulnerabilities, malicious packages, exposed secrets, and human error.
fromSecuritymagazine
5 months ago
Information security

U.S. is the to generator of anonymous open source contributions

The U.S. and Russia are the biggest contributors to open source projects, which carry significant vulnerabilities.
more#vulnerabilities
#ai
fromDevOps.com
11 months ago
Information security

Lineaje Adds Module to Manage Open Source Software Security Lifecycle - DevOps.com

Lineaje's Open Source Manager (OSM) with AI helps prioritize remediation efforts for DevOps teams.
fromDevOps.com
11 months ago
Information security

Lineaje Adds Module to Manage Open Source Software Security Lifecycle - DevOps.com

Lineaje's Open Source Manager (OSM) with AI helps prioritize remediation efforts for DevOps teams.
more#ai
Tech industry
fromTechCrunch
2 months ago

Cloudsmith raises $23M to improve software supply chain security | TechCrunch

Cloudsmith aims to improve software supply chain security by providing a robust artifact management platform.
#devsecops
fromDevOps.com
4 months ago
Information security

OpenText Allies With Secure Code Warrior to Improve Application Security - DevOps.com

OpenText and Secure Code Warrior simplify learning for developers on DevSecOps best practices and streamline security training access.
fromDevOps.com
8 months ago
Information security

Endor Labs Adds Analytics and Patching Tools to Secure Open Source Software - DevOps.com

Endor Labs introduced analytics to assess challenges in upgrading open source packages, aiding DevSecOps in making informed decisions.
fromDevOps.com
4 months ago
Information security

OpenText Allies With Secure Code Warrior to Improve Application Security - DevOps.com

OpenText and Secure Code Warrior simplify learning for developers on DevSecOps best practices and streamline security training access.
fromDevOps.com
8 months ago
Information security

Endor Labs Adds Analytics and Patching Tools to Secure Open Source Software - DevOps.com

Endor Labs introduced analytics to assess challenges in upgrading open source packages, aiding DevSecOps in making informed decisions.
more#devsecops
#open-source
fromTechCrunch
6 months ago
Information security

Socket lands a fresh $40M to scan software for security flaws | TechCrunch

The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.
fromTechCrunch
6 months ago
DevOps

Stacklok donates its Minder supply chain security project to the OpenSSF | TechCrunch

Stacklok donates Minder to OpenSSF, aiming to enhance open-source security through proactive checks and policies combined with cryptographic signing.
fromTechCrunch
6 months ago
Information security

Socket lands a fresh $40M to scan software for security flaws | TechCrunch

The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.
fromTechCrunch
6 months ago
DevOps

Stacklok donates its Minder supply chain security project to the OpenSSF | TechCrunch

Stacklok donates Minder to OpenSSF, aiming to enhance open-source security through proactive checks and policies combined with cryptographic signing.
more#open-source
fromthenewstack.io
6 months ago
Software development

Meta Measures Developer Productivity via Software Supply Chains

Developer productivity should focus on impact rather than speed or quantity of code.
A holistic approach can better measure productivity through the software supply chain.
fromComputerWeekly.com
8 months ago
Information security

Study highlights secure software supply chain best practices | Computer Weekly

IT decision-makers prioritize improving software supply chain security in response to rising concerns about supply chain attacks.
fromInfoWorld
10 months ago
DevOps

GitHub Artifact Attestions now generally available

Artifact Attestations ensure integrity of artifacts in GitHub Actions by linking them to source code and build instructions.
[ Load more ]