Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

ThreatQuotient

In 2024, we'll see escalating threats from the software supply chain

Jan 24, 2024 By Haig Colter In ThreatQuotient
Today’s modern supply chains can be large and complex, involving many suppliers doing many different things. As digital transformation initiatives have accelerated, the ecosystem of suppliers has exploded. Effectively securing the supply chain is hard because vulnerabilities can be inherent, or introduced and exploited, at any point in the supply chain. Unfortunately, a compromised software supply chain can cause significant damage and disruption.
Read Post
signmycode

Researchers Demo New CI/CD Attack in PyTorch Supply-Chain that Exploiting GitHub Self-Hosted Action Runner

Jan 23, 2024 By SignMyCode In SignMyCode
The new guidelines to secure GitHub repositories are being followed by every enterprise. These new protocols were circulated after discovering a vulnerable loophole in the self-hosted action runner in August 2023. To know more about the vulnerability, how and who discovered it, and its mitigation, read further.
Read Post

Beyond SBOMs: The Future of Software Supply Chain Security

Jan 22, 2024 By Panoptica In Panoptica
The recent executive order requiring SBOMs (Software Bill of Materials) of those supplying software to the federal government has been instrumental in advancing the conversation around software supply chain security – but SBOMs are just the tip of the iceberg, and quite possibly, not even the most interesting or promising part. Cisco distinguished engineer Ed Warnicke and Cisco technical marketing engineer Michael Chenetz were joined by Aeva Black, OmniBor Project – Microsoft, Brandon Lum, Guac and Google, Dan Lorenc, Wolfi/Chainguard, and Cole Kennedy, TestifySec.
View Video
jfrog

What is JFrog Security?

Jan 8, 2024 By The JFrog Team In JFrog

The security of the software supply chain is rapidly becoming a paramount concern for organizations — and for good reason. With the increasing number of published Common Vulnerabilities and Exposures (CVEs), developers face the challenge of delivering software faster than ever before. However, in their quest for speed, many dev and security teams have resorted to fragmented security solutions, inadvertently leaving critical gaps in coverage and compromising their competitive advantage.

Read Post
Snyk

Kroger's approach to supply chain security

Jan 2, 2024 By Brian Piper In Snyk

Recently, Snyk hosted a wine tasting & customer discussion featuring David Imhoff, Product Security Leader at Kroger. The discussion focused on tackling the challenges of securing digital supply chains. Kroger is a retail giant with 2,700 stores and 400,000 employees. The organization faces unique challenges because it operates on such a massive scale, adding complexity to its software supply chain and security.

Read Post
Featured Post
Egress

Egress experts share predictions for cybersecurity in 2024

Dec 21, 2023 By Egress In Egress
2023 has been a ground-breaking year for cybersecurity advancements and attacks, with new developments making headlines globally. Experts from threat intelligence, product management, and customer services at Egress share their predictions for what's to come in 2024 in this dynamic landscape.
Read Post
manageengine

Protecting your SDLC from a supply chain attack

Dec 19, 2023 By Log360 In ManageEngine

Did you know that nine out of 10 companies detected software supply chain risks in the past 12 months? The increase in the number of dependencies in a supply chain has extended the attack surface for adversaries. It has also caused threat actors to shift their focus from the downstream chain affecting just end users to the upstream chain affecting vendors, customers, and end users alike.

Read Post
securitysenses

Regulatory Compliance in Aviation Procurement: Navigating the Complex Landscape

Dec 19, 2023 By SecuritySenses In SecuritySenses
In the vast airspace of the aviation industry, procurement is a complex journey laden with many regulatory checkpoints. It's a unique dance between sticking to global standards and being in the pursuit of operational efficiency. This sector is often considered the lifeline of global connectivity. So, it still remains one of the most strictly monitored sectors. It's because when it comes to aviation, it's not about ticking boxes for the sake of it. The lives of millions of passengers depend on the regulations daily.
Read Post

The 443 Podcast - Episode 273 - Hacking the Crypto Supply Chain

Dec 19, 2023 By WatchGuard In WatchGuard
This week on the podcast, we cover a supply chain attack against one of the largest hardware cryptocurrency wallet manufacturers. After that, we discuss the latest Apache Struts vulnerability under active exploit by threat actors. We end the episode with our thoughts on a research blog post about a set of threat actors using an old school attack against modern targets. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
View Video
upguard

Securing Your Supply Chain: Risk Management vs Security Management

Dec 15, 2023 By Leah Sadoian In UpGuard
Supply chain management has become a top priority for businesses due to the increasing use of digital technologies and geopolitical uncertainties, making global supply chains more vulnerable than ever to disruptions. This reality highlights two critical aspects of supply chain management: Supply Chain Risk Management (SCRM) and Supply Chain Security Management (SCSM).
Read Post
Subscribe to Supply Chain

Copyright © 2024 OpsMatters™. All rights reserved.