As a part of our mission to improve and accelerate software supply chain security, today we are pleased to unveil Rezilion’s new Smart Fix feature.
Let’s talk about operational risk and security risk. In the dynamic world of software development, a persistent tension exists between developers and security professionals when it comes to managing operational risk and security risk. Developers prioritize avoiding code disruptions, leading them to implement measures like version locking and reluctance to patch.
Software supply chain attacks are increasingly gaining attention. Why? Software developers today have grown increasingly reliant on vendors, suppliers, and partners, so the software supply chain has become a key factor in the ability to build new enterprise apps. This means more partners are touching sensitive data than ever before, and attackers have taken notice. More open-source components are being used and consequently, vulnerabilities are slipping in through the software supply chain.
As Head of Product at Rezilion, I am excited to share some of the new features and enhancements we have added to the platform in the first few months of 2023. With these new features, you’ll be able to effectively manage your supply chain risks with more visibility, accuracy, and convenient automation than ever before.
Without effective and reliable software, virtually every aspect of an organization’s operations can grind to a halt. And a vulnerability that impacts even one component of a software application can expose many organizations to risk. Software vulnerabilities are emerging all the time, so one of the biggest challenges in defending against software flaws is the fact that there are so many of them.
In this blog post, we detail PaperCut Vulnerability CVE-2023-27350. On March 8th, PaperCut released new versions that contained security updates and addressed two recently discovered CVEs – CVE-2023-27351 and CVE-2023-27350. Today, we will focus on CVE-2023-27350, which was reported by the Zero Day Initiative (ZDI-23-233). This vulnerability is a critical remote code execution flaw with a severity score of 9.8.
Protecting the software supply chain is now a major organizational priority. Two weapons in the arsenal to help protect against data breaches and digital attacks are software supply chain security and software composition analysis (SCA). Here’s a look at Software Supply Chain Security vs SCA. The world today runs on software and ensuring it is reliable and secure can be a dicey proposition.
With all the cybersecurity benefits an SBOM offers, it’s a wonder they weren’t used in the software development life cycle long ago. Today, the need for SBOMs has grown more urgent because open source has become a core part of modern software development. At least one report finds that 75% of all codebases audited were composed of open-source components with known security vulnerabilities.
On Apr 24, 2023 Naveen Sunkavally, Chief Architect at Horizon3.ai, announced the discovery of a new vulnerability, CVE-2023-27524, in Apache Superset and wrote comprehensively about the whole process. The vulnerability was caused by an insecure default configuration in the application. This is not the first time this type of vulnerability has been found in similar applications.