Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Holistic AppSec and Software Supply Chain Security

AppSec and software supply chain security require more than a loose collection of tools and a vulnerability remediation process. A holistic approach covers risk assessment, a secure software development life cycle, software composition analysis (SCA), SBOMs, static and dynamic application security testing (SAST/DAST), workflow automation, automated remediation, runtime protections, compliance reporting and more. Successful implementation of this holistic approach enables companies to shrink their overall attack surface and reduce technical and security debt.

Signing container images: Comparing Sigstore, Notary, and Docker Content Trust

In the modern software ecosystem, containerization has become a popular method for packaging and deploying applications. Alongside this growing trend, ensuring the security of software supply chains has become a critical concern for businesses of all sizes. Implementing best practices, such as signing and verifying images to mitigate man-in-the-middle (MITM) attacks and validating their authenticity and freshness, plays a pivotal role in safeguarding the integrity of the software supply chain.

Delta Dental of California is Another Victim in the String of MOVEit Data Breaches

Delta Dental of California is a major dental insurance provider throughout one of the largest states in the US. The company is well-known for offering PPO dental insurance policies and other varieties of dental insurance options. The company was founded in 1955 and serves millions of Americans throughout nearly all of the 50 states. All California residents using Delta Dental may have been impacted by a recent data breach that could cause real problems for them.

Automation Advancements in Falcon Intelligence Recon: Disrupt the Adversary and Reduce Risk

Adversaries are continuing to expand their attacks by adding tactics like domain abuse, multifactor authentication (MFA) fatigue and uniquely crafted exploit kits acquired from underground forums. Typosquatted domains pose a risk for any organization as they are used at the start of the attack chain, with the goal of misdirecting users to a look-alike site to steal their identities.

Multi-VRF support for Egress Gateways using Calico

This is a follow-up discussion of some advanced use case scenarios for Egress Gateways. In a previous blog post, Policy-based routing with Egress Gateways, I explained how to achieve connectivity to multiple destinations using policies based on the destination of the traffic. One of the use cases described was the ability to connect to different services based on the destination, so we can use a different source IP that can be included in an allowlist for such services.

swampUP 2023: Shielding the Foundation: Security Across Your SSC

Developers are now the target of the attacker, with binaries available publicly. While it’s unlikely that the concept of security point solutions will completely disappear, it’s clear that the market is demanding a consolidated, comprehensive approach to pipeline security across the attack surface. With the increasing complexity of software supply chains, security and governance are becoming critical on developers’ machines, at the C-level and in boardrooms.

swampUP 2023: Keynote Opener

JFrog is on a mission to create a world of software delivered without friction from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely, ensuring it is available, traceable, and tamper-proof. The integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers.

Subdomain Hijacking: The Domain's Silent Danger

Just two months ago, researchers from Vienna conducted a study that revealed the abuse of dangling DNS records to hijack subdomains of numerous major organizations, highlighting the potential vulnerability of thousands of entities. The researchers targeted subdomains belonging to various government organizations, political parties, universities, media companies, and financial institutions. They managed to take control of these subdomains to demonstrate the risk associated with this vulnerability.

What Role Should Dependency Management Play as the Regulation of the Software Supply Chain Escalates?

Two big trends are now converging that will change the way we view and implement software supply chain security and make dependency management a vital part of assuring security. Let’s look at why and how this is happening, and what it means for dependency management.