Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

Software Supply Chain Security for Open Source Projects

Jun 2, 2022 By JFrog In JFrog
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on? This raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be considered in this security strategy. In the recent past, we have also learned that attacks are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
View Video

Identifying and Avoiding Malicious Packages

May 31, 2022 By JFrog In JFrog
Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle. This webinar will be a technical showcase of the different types of malicious packages that are prevalent today in the PyPI (Python) and npm (Node.js) package repositories. All examples shown in the webinar will be based on real data and malicious packages that were identified and disclosed by the JFrog security research team.
View Video
jfrog

Pyrsia: Decentralized Package Network that Secures the Open Source Supply Chain

May 25, 2022 By Sudhindra Rao In JFrog

Supply chain security has received a lot of attention in recent years. And rightly so. Software vulnerability exploitation attacks have been a key tool in the hands of the hackers to hamper businesses, compromise sensitive data, and a cause of general sense of fear around open source software.

Read Post
jfrog

Pyrsia: Open Source Software that Helps Protect the Open Source Supply Chain

May 25, 2022 By Lori Lorusso and Stephen Chin In JFrog

Stephen Chin is no stranger to having big ideas and implementing them to help the developer community. In the last twenty years he’s been involved in building open source IDEs, bootstrapping rich client libraries, maintaining JVM languages, and cultivating relationships with developers that do the same.

Read Post
Feroot

Everything You Need to Know to Prevent JavaScript Supply Chain Attacks

May 18, 2022 By Feroot Security Team In Feroot

JavaScript supply chain attacks are a bit like rolling thunder. The boom starts in one location and then reverberates along a path, startling folks, shaking windows, and—if there is a significant enough storm to accompany the thunder—leaving varying degrees of devastation in its wake.

Read Post
veracode

What Is Software Supply Chain Security?

May 11, 2022 By Veracode In Veracode

Most software today isn’t developed entirely from scratch. Instead, developers rely on a range of third-party resources to create their applications. By using pre-built libraries, developers don’t need to reinvent the wheel. They can use what already exists and spend time on proprietary code, helping to differentiate their software, finish projects quicker, reduce costs, and stay competitive. These third-party libraries make up part of the software supply chain.

Read Post
nightfall

GitHub Supply Chain Attacks Highlight the Urgency of Zero Trust SaaS Data Security

May 10, 2022 By Michael Osakwe In Nightfall

In early April, the tech industry witnessed a major GitHub security incident targeting GitHub organizations using Heroku and Travis CI. GitHub was made aware of this threat via an attack leveraging AWS API keys to GitHub’s own npm production infrastructure. As upstream security risks within SaaS platforms become more common, organizations that leverage these platforms are relying on tools like Nightfall to protect themselves.

Read Post
Feroot

The TTPs of JavaScript Supply Chain Attacks

Apr 28, 2022 By Feroot Security Team In Feroot

Recent research studies demonstrate that software supply chain attacks are on the upswing—by almost 300% in 2021 alone. To avoid attacks related to open-source libraries and JavaScript, businesses need to understand the tactics, techniques, and procedures (TTPs) associated with JavaScript supply chain attacks.

Read Post

Securing the Digital Supply Chain Ep. 10 - Peeyush Ranjan

Apr 22, 2022 By Riscosity In Riscosity
An amazing conversation with Peeyush Ranjan, Engineering VP at a Fortune 50 organization. Peeyush coined an amazing term - "Diffused Responsibility" - this is the reason why we all, in different silos, development, security, GRC, legal have to try harder and pull towards the same goal. In fact the example used - of a sports team, getting the pigskin over the line is a very apt one.
View Video
mend

Software Supply Chain Security: The Basics and Four Critical Best Practices

Apr 21, 2022 By Adam Murray In Mend

Enterprise software projects increasingly depend on third-party and open source components. These components are created and maintained by individuals who are not employed by the organization developing the primary software, and who do not necessarily use the same security policies as the organization. This poses a security risk, because differences or inconsistencies between these policies can create overlooked areas of vulnerability that attackers seek to exploit.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.