Tag: software supply chain


Cybersecurity, Security

Protecting against software supply chain attacks

January 30, 2024

Via: InfoWorld

Last year’s MOVEit and 3CX vulnerabilities offered a stark reminder of the risk software supply chain attacks pose today. Threat actors exploit vulnerabilities to infiltrate a software provider’s network and modify the software’s original functionality with malicious code. Once the […]


Computing, Software & Applications

A new hope for software security

July 24, 2023

Via: InfoWorld

The Log4j vulnerability in December 2021 spotlighted the software supply chain as a massively neglected security surface area. It revealed just how interconnected our software artifacts are, and how our systems are only as secure as their weakest links. It […]


Computing, Software & Applications

Top 10 open source software risks for 2023

March 1, 2023

Via: InfoWorld

Known vulnerabilities, compromise of legitimate package, and name confusion attacks are expected to be among the top ten open source software risks in 2023, according to a report by Endor Labs. The other major open source software risks, according to […]


Cybersecurity, Security

Open source security fought back in 2022

December 12, 2022

Via: InfoWorld

Early December marked the one-year anniversary of the Log4j security meltdown. Ever since, the software world has been on a dead sprint to ensure it would never happen again. We’re finally seeing some traction as the missing links in software […]


Computing, Software & Applications

How we’ll solve software supply chain security

July 19, 2022

Via: InfoWorld

Who owns software supply chain security? Developers? Or the platform and security engineering teams supporting them? In the past, the CIO, CISO, or CTO and their security team would decide which Linux distribution, operating system, and infrastructure platform the company […]


Computing, Software & Applications

Software developers have a supply chain security problem

July 12, 2022

Via: InfoWorld

Log4j was the bucket of cold water that woke up most developers to their software supply chain security problem. We’ve spent decades in software building things and obsessing over our production environment. But we’re building on unpatched Jenkins boxes sitting […]


Hacking, Security

2022: The year of software supply chain security

January 4, 2022

Via: InfoWorld

If 2020 was the year that we became acutely aware of the consumer goods supply chain (toilet paper, anyone? Anyone?), then 2021 was the year that the software supply chain rose in our collective consciousness. In perhaps the most infamous […]


Computing, Software & Applications

Securing the Kubernetes software supply chain

December 15, 2021

Via: InfoWorld

Modern software development practices make securing the software supply chain more important than ever. Our code has dependencies on open source libraries which have dependencies on other libraries and so on—a chain of code that we didn’t develop, didn’t compile, […]