#software-supply-chain

#open-source

Socket lands a fresh $40M to scan software for security flaws | TechCrunch

The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.

Sonatype Report Surfaces Software Supply Chain Security Challenges - DevOps.com

There has been a 156% increase in malicious open source packages, indicating significant risk for developers.

Software supply chain security still in early days, says CEO

Software supply chain vulnerabilities are increasing due to reliance on untrusted sources, requiring better management and vetting processes.

Stacklok donates its Minder supply chain security project to the OpenSSF | TechCrunch

Stacklok donates Minder to OpenSSF, aiming to enhance open-source security through proactive checks and policies combined with cryptographic signing.

Meta Measures Developer Productivity via Software Supply Chains

Developer productivity should focus on impact rather than speed or quantity of code.
A holistic approach can better measure productivity through the software supply chain.
#cybersecurity

UK Public sector at risk from supply chain attacks, new report warns

UK public sector organizations are highly vulnerable to cyberattacks due to limited visibility into their software supply chains.

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

Cybersecurity researchers have found malicious Python packages targeting developers disguised as coding assessments, part of an ongoing campaign linked to the Lazarus Group.
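The campaign above relies on a package that runs code when it is installed, not when it is imported, which is why reading the package's setup.py before installing it matters. The script below is an added example, not code from the article or the researchers it cites: it parses a setup.py with Python's ast module and flags setuptools install hooks, cmdclass overrides and calls that have no place in build metadata. Both setup.py samples are constructed for the example, and the base64 string in the suspicious one decodes to a harmless print("hi").

```python
import ast

# Constructed sample of the pattern described above: a setup.py that runs code
# at install time. The base64 payload is a harmless print("hi"), not malware.
SUSPICIOUS_SETUP = '''
import base64, subprocess
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        exec(base64.b64decode("cHJpbnQoImhpIik="))
        subprocess.Popen(["python3", "-c", "pass"])

setup(name="coding-assessment-helper", version="0.1", cmdclass={"install": PostInstall})
'''

# Constructed benign package for comparison.
BENIGN_SETUP = '''
from setuptools import setup, find_packages
setup(name="widgets", version="1.0", packages=find_packages())
'''

# setuptools command classes a package can subclass to run code during install.
INSTALL_HOOKS = {"install", "develop", "egg_info", "build_py"}
# Calls that have no business in a package's build metadata.
DANGEROUS_CALLS = {
    "exec", "eval", "compile", "__import__", "base64.b64decode",
    "subprocess.Popen", "subprocess.run", "subprocess.call", "os.system",
    "os.popen", "urllib.request.urlopen", "requests.get", "requests.post",
    "socket.socket",
}


def _dotted(node):
    """Rebuild 'pkg.attr.attr' from a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def triage_setup_py(source):
    """Static triage only: the file is parsed, never imported or executed.
    Returns sorted (line_no, reason) tuples."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):
            for base in node.bases:
                name = _dotted(base)
                if name and name.rsplit(".", 1)[-1] in INSTALL_HOOKS:
                    findings.append((node.lineno, f"install-time hook: class {node.name}({name})"))
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name in DANGEROUS_CALLS:
                findings.append((node.lineno, f"dangerous call: {name}"))
            elif name == "setup" and any(k.arg == "cmdclass" for k in node.keywords):
                findings.append((node.lineno, "setup() overrides cmdclass"))
    return sorted(findings)


if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SETUP), ("benign", BENIGN_SETUP)):
        print(label, triage_setup_py(src) or "no findings")
```

Run it on a downloaded sdist before pip install, never after; the point is that the file is parsed, not executed. It is a heuristic: a package can hide the same behaviour behind string concatenation, an imported helper or a pyproject.toml build backend, so a hit is a reason to read the file and a clean result is not a clearance.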

Survey: Cyberattacks Aimed at Software Supply Chains are Pervasive - DevOps.com

91% of organizations have experienced a software supply chain incident in the past year.
Zero-day exploits and misconfigured cloud services are the most common attack vectors.

Combating cyber threats with zero trust and supply chain security

The cyber threat landscape is increasingly complex, necessitating a zero-trust security approach and strong identity management to mitigate risks.

Guarding Democracy: The software supply chain's role in elections

Voter confidence in the election process is dangerously low, emphasizing the importance of election security.
The vulnerabilities in software supply chains pose a serious threat to the integrity of the voting system.

US regulators have done little to address firmware vulnerabilities, think tank argues

Firmware vulnerabilities in devices are frequently exposed to security risks but have not received enough attention from lawmakers and federal officials.
Firmware-linked cyberattacks are often harder to detect and remove compared to software cyberattacks.
#vulnerabilities

Report: High Risks to Software Supply Chains are Commonplace - DevOps.com

95% of organizations have critical risks in their software supply chain.

SBOM as a Cornerstone of Secure Software Development - DevOps.com

SBOMs enhance software security by providing transparency and traceability of all components within software applications.
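An SBOM only delivers the transparency and traceability described above if something actually reads it. The script below is an added example, not from the DevOps.com piece or any vendor's tool: it loads a constructed CycloneDX 1.5 document, lists the declared components, walks the dependency graph to show the chain that pulls in a given package, flags references that point at components the SBOM never declares, and checks the inventory against a blocklist. Package names, versions and the blocklist are made up for the example and are not real advisories.

```python
import json

# Constructed CycloneDX 1.5 SBOM for a fictitious service. Package names and
# versions are made up; "ghost-dep" is referenced but never declared on purpose.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {
    "component": {"type": "application", "bom-ref": "app", "name": "orders-api", "version": "2.3.0"}
  },
  "components": [
    {"type": "library", "bom-ref": "pkg:npm/web-router@4.2.0", "name": "web-router", "version": "4.2.0", "purl": "pkg:npm/web-router@4.2.0"},
    {"type": "library", "bom-ref": "pkg:npm/query-parser@6.1.0", "name": "query-parser", "version": "6.1.0", "purl": "pkg:npm/query-parser@6.1.0"},
    {"type": "library", "bom-ref": "pkg:npm/util-kit@1.0.3", "name": "util-kit", "version": "1.0.3", "purl": "pkg:npm/util-kit@1.0.3"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["pkg:npm/web-router@4.2.0", "pkg:npm/util-kit@1.0.3"]},
    {"ref": "pkg:npm/web-router@4.2.0", "dependsOn": ["pkg:npm/query-parser@6.1.0"]},
    {"ref": "pkg:npm/util-kit@1.0.3", "dependsOn": ["pkg:npm/ghost-dep@0.0.1"]},
    {"ref": "pkg:npm/query-parser@6.1.0", "dependsOn": []}
  ]
}
"""

# Constructed policy: (name, version) pairs this team refuses to ship.
# Not an advisory feed; a real check would consult one.
BLOCKED = {("query-parser", "6.1.0")}


def load_sbom(text):
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return sbom


def inventory(sbom):
    """bom-ref -> (name, version) for every declared component."""
    return {c["bom-ref"]: (c["name"], c["version"]) for c in sbom.get("components", [])}


def dependency_graph(sbom):
    """bom-ref -> list of bom-refs it depends on."""
    return {d["ref"]: list(d.get("dependsOn", [])) for d in sbom.get("dependencies", [])}


def dangling_refs(sbom):
    """Refs used in the dependency graph with no component entry: the SBOM
    claims a dependency it cannot describe, so the inventory is incomplete."""
    known = set(inventory(sbom)) | {sbom["metadata"]["component"]["bom-ref"]}
    graph = dependency_graph(sbom)
    referenced = set(graph) | {r for deps in graph.values() for r in deps}
    return sorted(referenced - known)


def dependency_paths(sbom, target_ref):
    """Every chain root -> ... -> target_ref: explains why the package is present."""
    root = sbom["metadata"]["component"]["bom-ref"]
    graph = dependency_graph(sbom)
    paths = []

    def walk(node, path):
        if node == target_ref:
            paths.append(path)
            return
        for child in graph.get(node, []):
            if child not in path:  # tolerate cyclic graphs
                walk(child, path + [child])

    walk(root, [root])
    return paths


def check_policy(sbom, blocked):
    """(bom-ref, paths) for each declared component on the blocklist."""
    return [(ref, dependency_paths(sbom, ref))
            for ref, key in inventory(sbom).items() if key in blocked]


if __name__ == "__main__":
    bom = load_sbom(SBOM_JSON)
    print("components:", sorted(inventory(bom)))
    print("undeclared refs:", dangling_refs(bom))
    for ref, paths in check_policy(bom, BLOCKED):
        print("blocked", ref, "via", " -> ".join(paths[0]))
```

The dangling-reference check is the one most teams skip: a generated SBOM that lists a dependency edge without the component behind it gives a false sense of coverage, because the blocklist check can never match what was never declared.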

Study highlights secure software supply chain best practices | Computer Weekly

IT decision-makers prioritize improving software supply chain security in response to rising concerns about supply chain attacks.
#devsecops

Techstrong Research: Combatting CI/CD Security Anti-Patterns - DevOps.com

The security of software supply chains and CI/CD pipelines is crucial in modern software delivery processes.
Identifying and rectifying CI/CD security anti-patterns is vital to protect against potential breaches and attacks.

Endor Labs Adds Analytics and Patching Tools to Secure Open Source Software - DevOps.com

Endor Labs introduced analytics to assess challenges in upgrading open source packages, aiding DevSecOps in making informed decisions.

GitLab devsecops survey finds progress, new priorities

Organizations prioritize investments in AI, security, and automation, focusing on software supply chain security.
#vulnerability-management

Cycode Discloses GitHub Actions Vulnerability in Google Bazel Project - DevOps.com

Researchers discovered a command injection vulnerability in a GitHub Actions workflow used to update the Bazel project.
The vulnerability could have allowed an attacker to insert malicious code into the Google-managed codebase.
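The Bazel finding belongs to a class GitHub documents as script injection: a `${{ }}` expression inside a `run:` step is expanded by the runner before the shell starts, so any event field a pull request author controls becomes part of the script text. The linter below is an added example, not Cycode's research tooling or the Bazel project's workflow. It scans a constructed workflow for untrusted contexts inside run: steps and is paired with the hardened form, which passes the same values through `env:` so the shell sees a quoted variable instead of interpolated text. The list of untrusted contexts is partial and the YAML handling is deliberately simple (no PyYAML dependency).

```python
import re

# Constructed workflow (not the Bazel project's): attacker-controlled event
# fields are interpolated straight into shell steps.
VULNERABLE_WORKFLOW = """\
name: triage
on:
  pull_request_target:
    types: [opened]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Echo title
        run: echo "New PR: ${{ github.event.pull_request.title }}"
      - name: Note branch
        run: |
          echo "branch=${{ github.head_ref }}" >> "$GITHUB_OUTPUT"
"""

# Same workflow with the values routed through env: the runner puts them in
# environment variables and the script only ever references "$VAR".
HARDENED_WORKFLOW = """\
name: triage
on:
  pull_request_target:
    types: [opened]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Echo title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          HEAD_REF: ${{ github.head_ref }}
        run: |
          echo "New PR: $PR_TITLE"
          echo "branch=$HEAD_REF" >> "$GITHUB_OUTPUT"
"""

# Event fields a pull request author or commenter controls (a partial list,
# extend it for the triggers your workflows use).
UNTRUSTED_PREFIXES = (
    "github.event.issue.title", "github.event.issue.body",
    "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.pull_request.head.ref", "github.event.pull_request.head.label",
    "github.event.comment.body", "github.event.review.body",
    "github.event.review_comment.body", "github.event.head_commit.message",
    "github.event.head_commit.author", "github.event.commits",
    "github.head_ref",
)

RUN_KEY = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")
EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
BLOCK_INDICATORS = {"|", ">", "|-", ">-", "|+", ">+"}


def _indent(line):
    return len(line) - len(line.lstrip())


def find_injections(workflow_text):
    """Return (line_no, expression) for every untrusted expression that is
    expanded inside a run: script. Expressions in env: or with: are not
    flagged because they never become script text."""
    findings = []
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if m is None:
            i += 1
            continue
        key_col = lines[i].index("run:")
        script = [(i + 1, m.group(2))]  # inline scalar: the script is on this line
        if m.group(2).strip() in BLOCK_INDICATORS:
            script = []  # block scalar: collect the more-indented lines below
            i += 1
            while i < len(lines) and (not lines[i].strip() or _indent(lines[i]) > key_col):
                script.append((i + 1, lines[i]))
                i += 1
        else:
            i += 1
        for line_no, text in script:
            for expr in EXPR.findall(text):
                if expr.startswith(UNTRUSTED_PREFIXES):
                    findings.append((line_no, expr))
    return findings


if __name__ == "__main__":
    print("vulnerable:", find_injections(VULNERABLE_WORKFLOW))
    print("hardened:", find_injections(HARDENED_WORKFLOW))
```

Two caveats a reviewer should keep in mind. The trigger matters as much as the expression: pull_request_target runs with a write token in the base repository, which is what turns an injected command into a code change. And the linter only sees direct references; a value laundered through a prior step's output (steps.x.outputs.y) or an action input is just as untrusted but needs data-flow tracking this example does not attempt.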

Lineaje Adds Module to Manage Open Source Software Security Lifecycle - DevOps.com

Lineaje's Open Source Manager (OSM) with AI helps prioritize remediation efforts for DevOps teams.
#security

GitHub Artifact Attestations now generally available

Artifact Attestations ensure integrity of artifacts in GitHub Actions by linking them to source code and build instructions.

Software Supply Chain Security with Phylum

The article discusses the importance of ensuring security in software supply chains, with insights from an industry expert.

GitHub's 2FA rollout boosts supply chain security

GitHub implemented mandatory 2FA for code contributors to enhance software supply chain security.

ReversingLabs Applies AI to Better Secure Application Binaries - DevOps.com

ReversingLabs has launched Spectra Assure, a binary analysis tool that uses machine learning to identify risks in software packages.
The tool can analyze the entire software package, including first-, second-, and third-party components, to identify potential threats.
Spectra Assure is designed for both software producers and organizations that deploy software, filling a gap in the software supply chain.