Coveros

NOVEMBER 7, 2022

We’re also pleased to announce our new secure software supply chain management service—powered by the Tidelift Subscription. A key strategy to safe and secure application development is ensuring the open source components in your software supply chain are as secure, healthy, and well maintained as possible.

Software 52

Software Open Source Conference DevOps 52

Synopsys

JULY 17, 2020

In this week’s webinars, we’ll talk about binary scanning techniques and challenges, and how to reduce your risk with software supply chain management. The post [Webinars] Binary scanning, software supply chain management appeared first on Software Integrity Blog.

Software 52

Software How To Open Source 52

DevOps.com

APRIL 19, 2024

Expect attacks on the open source software supply chain to accelerate, with attackers automating attacks in common open source software projects and package managers.

Open Source 115

Open Source Software Data Continuous Delivery 115

Aqua Security

NOVEMBER 21, 2023

Exposed Kubernetes secrets pose a critical threat of supply chain attack. Aqua Nautilus researchers found that the exposed Kubernetes secrets of hundreds of organizations and open-source projects allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack threat.

SDLC 141

SDLC Blockchain Open Source Software Development 141

Tenable

MARCH 29, 2024

Frequently asked questions about CVE-2024-3094, a supply-chain attack responsible for a backdoor in XZ Utils, a widely used library found in multiple Linux distributions. This modified code can then be used by any software linked to the XZ library and allow for the interception and modification of data used with the library.

Linux 141

Linux Open Source Authentication Operating System 141

Tenable

APRIL 16, 2024

You know Tenable as a cybersecurity industry leader whose world-class exposure management products are trusted by our approximately 43,000 customers, including about 60% of the Fortune 500. Today we’re sharing our experience adopting the supply-chain security framework SLSA, with the hopes that the lessons we learned will be helpful to you.

Software Review 70

Software Review Software Systems Review Guidelines 70

Tenable

MARCH 6, 2024

Two vulnerabilities with publicly available exploit code in JetBrains TeamCity on-premises software could result in attackers bypassing authentication and achieving code execution. Background On March 4, JetBrains published a blog post regarding two security issues affecting TeamCity On-Premises , a software solution for build management.

Authentication 114

Authentication Malware Energy Groups 114

Tenable

SEPTEMBER 15, 2023

Improve OSS supply-chain integrity. Those are some of the initiatives the Linux Foundation’s Open Source Security Foundation (OpenSSF) plans to undertake in the coming year, the group announced at its “Secure Open Source Software Summit 2023” held in Washington, D.C. Create more security guides. this week. “By

Open Source 113

Open Source Systems Review System Software Review 113

DevOps.com

OCTOBER 11, 2022

At the Google Cloud Next ’22 conference, Google today launched a managed Software Delivery Shield (SDS) service to enable DevOps team to store, manage and secure the build artifacts in Artifact Registry. The post Google Looks to Secure Software Supply Chains appeared first on DevOps.com.

Software 105

Software Google Cloud Conference DevOps 105

DevOps.com

OCTOBER 10, 2022

Fresh from raising $25 million in funding, Endor Labs CEO Varun Badhwar said the Dependency Lifecycle Management Platform makes it simpler for organizations to manage dependencies within applications that can […]. The post Endor Labs Applies Graph Analysis to Secure Software Supply Chains appeared first on DevOps.com.

Analysis 118

Analysis Software Applications Organization 118

DevOps.com

JUNE 21, 2021

Google is proposing organizations adopt a framework for securing the integrity of software artifacts across a software supply chain. The post Google Proposes SLSA Framework to Secure Software Supply Chains appeared first on DevOps.com.

Software 106

Software Open Source Product Management Organization 106

Tenable

MARCH 29, 2023

The information presented in this blog post was current as of March 29. Image Source: Tenable, March 2023 Is this a supply chain attack? Yes, SentinelOne published a blog post calling it the “SmoothOperator” campaign. Sophos X-Ops team also published a blog post calling it a DLL-sideloading attack.

Windows 101

Windows Report VOIP Research 101

DevOps.com

APRIL 17, 2023

Lineaje, a provider of a platform for securing software supply chains, today published an analysis of 41,989 open source components embedded in the top 44 popular projects managed by the Apache Software Foundation (ASF).

Open Source 129

Open Source Report Software Analysis 129

Lacework

FEBRUARY 7, 2024

In this blog, we’ll explore the motivations of bad actors, the top threats the Lacework Labs team is seeing, and practical ways to lock down your cloud and protect your data. Cloud control plane: Compromised credentials The cloud control plane is the central control system that helps people manage and use cloud resources.

Weak Development Team 109

Weak Development Team Malware Cloud Internet 109

Prisma Clud

DECEMBER 1, 2022

As the systems we use to deliver software to the cloud get more complex and reliant on third-party components, they also leave more opportunities for attacks. Just last year, software supply chain attacks jumped 51% , which is proof that bad (and creative) actors are capitalizing on these weaknesses.

Weak Development Team 91

Weak Development Team Software Review Software Open Source 91

Coveros

FEBRUARY 6, 2024

The security of your software supply chain is vital to ensuring application security. But far too many organizations do not have a comprehensive understanding of where critical components of their software delivery come from – or misunderstand it completely. Which poses grave risks.

Software Review 52

Software Review Report Artificial Inteligence Open Source 52

DevOps.com

OCTOBER 7, 2022

Composed of an infrastructure stack of mash-up code, hundreds of open source and commercial components, services and APIs, today’s software supply chain is fraught with security risks. The post Protecting CI/CD Pipelines to Secure the Software Supply Chain appeared first on DevOps.com.

Software 107

Software Open Source Infrastructure Applications 107

Cloudera

AUGUST 17, 2023

Despite this software supply chain security issue, ChatGPT has had one of the fastest adoption rates of any commercial service in history, reaching 100 million users in just 2 months after its launch Obviously, for most users, ChatGPT’s open source security issue didn’t even register.

Artificial Inteligence 70

Artificial Inteligence Applications ChatGPT Open Source 70

Perficient

NOVEMBER 6, 2023

Choosing the Right Solution: ERP vs. Order Management for Supply Chain and Customer Support In today’s complex business landscape, efficiently managing your supply chain and providing excellent customer support are critical to staying competitive and meeting customer expectations.

Scalability 52

Scalability System Games Software 52

Synopsys

MARCH 21, 2022

Managing the risks of your software supply chain requires more than a basic understanding of the software components that make up your applications. The post How to cybersecurity: Software supply chain security is much bigger than you think appeared first on Software Integrity Blog.

Software 75

Software How To Applications Open Source 75

DevOps.com

DECEMBER 7, 2021

Lately, software supply chains find themselves in a very interesting and uncomfortable position—the industry spotlight—and not in a good way. While significant and costly breaches such as SolarWinds or Kaseya make front-page news, supply chain attack tactics (e.g.

Analysis 114

Analysis Software Industry Open Source 114

DevOps.com

MARCH 6, 2023

Endor Labs, a provider of a platform for managing open source software, published a report that classifies the top 10 open source software risks of 2023. The company published the list as part of an effort to better educate application development teams about issues that can lead to software supply chain compromises.

Open Source 107

Open Source Report Software Education 107

DevOps.com

JUNE 6, 2023

Deepika Chauhan, chief product officer for DigiCert, said the addition of these capabilities to the DigiCert Software Trust Manager service would make it simpler for organizations to operationalize a methodology for securing […] The post DigiCert Allies With ReversingLabs to Secure Software Supply Chains appeared first on DevOps.com.

Software 101

Software Analysis Organization Continuous Delivery 101

Prisma Clud

JUNE 13, 2023

All software supply chain attacks share a core trait: they allow a threat actor to break into an organization’s IT estate by exploiting software vulnerabilities created by entities other than the organization. First, though, let’s talk about software supply chains. What Is a Software Supply Chain?

Software 59

Software Open Source How To Infrastructure 59

Palo Alto Networks

MAY 1, 2024

{{interview_audio_title}} 00:00 00:00 Volume Slider 10s 10s 10s 10s Seek Slider “AI’s Impact in Cybersecurity” is a blog series based on interviews with a variety of experts at Palo Alto Networks and Unit 42, with roles in AI research, product management, consulting, engineering and more. Get your Unit 42 AI Security Assessment today!

Artificial Inteligence 90

Artificial Inteligence Malware Artificial Intelligence Software Review 90

DevOps.com

MAY 26, 2023

GitLab this week delivered an update to its continuous integration/continuous delivery (CI/CD) platform that adds additional generative artificial intelligence (AI) and cybersecurity capabilities.

Artificial Intelligence 105

Artificial Intelligence Artificial Inteligence Continuous Delivery Continuous Integration 105

Flexagon

SEPTEMBER 22, 2022

We have recently published a number of blogs on these new features, but you may be wondering what else is new and coming with FlexDeploy 6.0. Run tests automatically and utilize results to improve software quality. Software Supply Chain Security. Learn more about Supply Chain Security.

UI/UX 78

UI/UX Software Review Metrics Testing 78

Tenable

FEBRUARY 2, 2024

Background The Tenable Security Response Team has put together this blog to answer frequently Asked Questions (FAQ) regarding a security incident at AnyDesk. Since February 1, reports began circulating on social media about a possible breach at AnyDesk Software GmbH, makers of a remote desktop application called AnyDesk.

Windows 67

Windows Linux Report System 67

Tenable

DECEMBER 14, 2020

Nation-state threat actors breached the supply chain of a popular IT management software provider in order to infiltrate government agencies and private companies. New Blog from us at FireEye: Writeup of UNC2452, a highly sophisticated attacker who distributed malware via a software supply chain attack.

Security 119

Security Journal Report Malware 119

Tenable

APRIL 19, 2024

To get more details: Check out the report’s highlights page Dive into the full “Artificial Intelligence Index Report 2024” report 3 - OpenSSF launches open source SBOM tool Are you involved with software bills of materials (SBOMs) in your organization? To get more details, read the CIS blog “ CIS Benchmarks April 2024 Update.”

Artificial Inteligence 74

Artificial Inteligence Trends Technical Advisors Analysis 74

TechCrunch

DECEMBER 20, 2022

Then came the rise and fall of the SPAC wave and global supply issues. Founded in 2016 by Google and Uber vets, the Pittsburgh-based firm managed to drum up $1 billion in funding over its half-dozen-year existence. Back in October, however, management dropped a bombshell during an all-hands: Argo was shutting down.

Technical Review 361

Technical Review Real Estate Software Review Mobile 361

Palo Alto Networks

SEPTEMBER 28, 2021

With the growing threat of supply chain attacks, as evidenced by recent high-profile breaches like SolarWinds and Kaseya VSA , Palo Alto Networks Unit 42 cloud threat researchers sought to understand these types of attacks in order to help organizations protect against them. Red Team Exercise Signals Supply Chain Vulnerability.

Research 83

Research Cloud Software Exercises 83

Tenable

NOVEMBER 25, 2022

Get the latest on the Hive RaaS threat; the importance of metrics and risk analysis; cloud security’s top threats; supply chain security advice for software buyers; and more! . Understanding the Ransomware Ecosystem: From Screen Lockers to Multimillion-Dollar Criminal Enterprise ” (Tenable blog).

Metrics 52

Metrics Cloud Backup Software Review 52

OTS Solutions

JUNE 9, 2023

In this blog, we discuss the top-rated enterprise application development frameworks that make your process of developing an enterprise application easy. Enterprise Applications are software systems that have been designed to help organizations or businesses manage and automate their day-to-day processes. billion by 2030.

Enterprise 130

Enterprise Applications Development Scalability 130

OTS Solutions

JUNE 9, 2023

In this blog, we discuss the top-rated enterprise application development frameworks that make your process of developing an enterprise application easy. Enterprise Applications are software systems that have been designed to help organizations or businesses manage and automate their day-to-day processes. billion by 2030.

Enterprise 130

Enterprise Applications Development Scalability 130

Tenable

FEBRUARY 3, 2023

Learn all about NIST’s new framework for artificial intelligence risk management. With its new “Artificial Intelligence Risk Management Framework,” NIST hopes to create awareness about AI products’ unique risks, such as their vulnerability to be unduly influenced and manipulated through tampering with the data their algorithms are trained on.

ChatGPT 52

ChatGPT Artificial Intelligence Artificial Inteligence Technical Review 52

Synopsys

JULY 12, 2021

Knowing what’s in your open source software, whether you’re a consumer or producer, can help you manage security risks in your supply chain. The post Reduce open source software risks in your supply chain appeared first on Software Integrity Blog.

Open Source 52

Open Source Software 52