Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

jfrog

Empowering DevSecOps: JFrog's Enterprise-Ready Platform for Federal NIST SP 800-218 Compliance

Jan 31, 2024 By Greg McDermott In JFrog
As an integrator or government agency providing mission-critical software, the question to ask yourself is “Is my software development environment NIST SP 800-218 compliant?”. Compliance with NIST SP 800-218 and the SSDF (Secure Software Development Framework) is mandatory, and it’s time to ensure your software supply chain is compliant.
Read Post
manageengine

Understanding the Okta supply chain attack of 2023: A comprehensive analysis

Jan 25, 2024 By IT Security In ManageEngine
In October 2023, Okta, a leading provider of identity and access management (IAM) solutions, experienced a data breach affecting its customer support system. This incident raised serious concerns about the security of sensitive information entrusted to Okta by its customers and partners.
Read Post
manageengine

Top tips: Defend your organization's supply chain with these 3 tips

Jan 25, 2024 By General In ManageEngine
Top tips is a weekly column where we highlight what’s trending in the tech world today and list ways to explore these trends. This week, we’re looking at some of the cybersecurity strategies for supply chains. Cyberattacks have been increasing, and supply chains have taken a hit. In 2022, the United States witnessed a surge in supply chain cyberattacks, which affected 1,743 entities—the highest reported figure since 2017.
Read Post
ThreatQuotient

In 2024, we'll see escalating threats from the software supply chain

Jan 24, 2024 By Haig Colter In ThreatQuotient
Today’s modern supply chains can be large and complex, involving many suppliers doing many different things. As digital transformation initiatives have accelerated, the ecosystem of suppliers has exploded. Effectively securing the supply chain is hard because vulnerabilities can be inherent, or introduced and exploited, at any point in the supply chain. Unfortunately, a compromised software supply chain can cause significant damage and disruption.
Read Post
signmycode

Researchers Demo New CI/CD Attack in PyTorch Supply-Chain that Exploiting GitHub Self-Hosted Action Runner

Jan 23, 2024 By SignMyCode In SignMyCode
The new guidelines to secure GitHub repositories are being followed by every enterprise. These new protocols were circulated after discovering a vulnerable loophole in the self-hosted action runner in August 2023. To know more about the vulnerability, how and who discovered it, and its mitigation, read further.
Read Post

Beyond SBOMs: The Future of Software Supply Chain Security

Jan 22, 2024 By Panoptica In Panoptica
The recent executive order requiring SBOMs (Software Bill of Materials) of those supplying software to the federal government has been instrumental in advancing the conversation around software supply chain security – but SBOMs are just the tip of the iceberg, and quite possibly, not even the most interesting or promising part. Cisco distinguished engineer Ed Warnicke and Cisco technical marketing engineer Michael Chenetz were joined by Aeva Black, OmniBor Project – Microsoft, Brandon Lum, Guac and Google, Dan Lorenc, Wolfi/Chainguard, and Cole Kennedy, TestifySec.
View Video
jfrog

What is JFrog Security?

Jan 8, 2024 By The JFrog Team In JFrog

The security of the software supply chain is rapidly becoming a paramount concern for organizations — and for good reason. With the increasing number of published Common Vulnerabilities and Exposures (CVEs), developers face the challenge of delivering software faster than ever before. However, in their quest for speed, many dev and security teams have resorted to fragmented security solutions, inadvertently leaving critical gaps in coverage and compromising their competitive advantage.

Read Post
Snyk

Kroger's approach to supply chain security

Jan 2, 2024 By Brian Piper In Snyk

Recently, Snyk hosted a wine tasting & customer discussion featuring David Imhoff, Product Security Leader at Kroger. The discussion focused on tackling the challenges of securing digital supply chains. Kroger is a retail giant with 2,700 stores and 400,000 employees. The organization faces unique challenges because it operates on such a massive scale, adding complexity to its software supply chain and security.

Read Post
Featured Post
Egress

Egress experts share predictions for cybersecurity in 2024

Dec 21, 2023 By Egress In Egress
2023 has been a ground-breaking year for cybersecurity advancements and attacks, with new developments making headlines globally. Experts from threat intelligence, product management, and customer services at Egress share their predictions for what's to come in 2024 in this dynamic landscape.
Read Post
manageengine

Protecting your SDLC from a supply chain attack

Dec 19, 2023 By Log360 In ManageEngine

Did you know that nine out of 10 companies detected software supply chain risks in the past 12 months? The increase in the number of dependencies in a supply chain has extended the attack surface for adversaries. It has also caused threat actors to shift their focus from the downstream chain affecting just end users to the upstream chain affecting vendors, customers, and end users alike.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.