Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mend.io Supply Chain Defender

Mend Supply Chain Defender helps protect enterprises against software supply chain attacks. It detects and blocks malicious open source packages before your developer can download them — and before they can pollute your codebase with malicious activity. Mend Supply Chain Defender has already detected and reported thousands of malicious packages that were swiftly removed from their registries, to protect open source users from accidentally installing malicious code.

FYI: the dark side of ChatGPT is in your software supply chain

Let’s face it, the tech world is a whirlwind of constant evolution. AI is no longer just a fancy add-on; it’s shaking things up and becoming part and parcel of various industries, not least software development. One such tech marvel that’s stealthily carving out a significant role in our software supply chain is OpenAI’s impressive language model – ChatGPT.

Why SCA is Critical for Securing the Software Supply Chain

Weaknesses within software supply chains create a foothold for exploitation from cyberattacks. The problem is so significant that even the White House released an Executive Order that speaks directly on this topic. “The Federal Government must take action to rapidly improve the security and integrity of the software supply chain,” states the Executive Order emphatically. Now, you may be wondering what your organization can do to mitigate this risk.

Elastic partners with Chainguard on Software Supply Chain security and SLSA assessment

In the aftermath of supply chain breaches against SolarWinds and Codecov, organizations are focused on protecting their software from malicious tampering and compromise. Addressing the complexity of software development and potential security exposures has been top of mind. The complexity goes beyond traditional application security as the software supply chain encompasses and spans across different services, organizations, roles, and responsibilities.

Snyk's 2023 State of Open Source Security: Supply chain security, AI, and more

The 2021 Log4Shell incident cast a bright light on open source software security — and especially on supply chain security. The 18 months following the incident brought a greater focus on open source software security than at any time in history. Organizations like the OpenSSF, AlphaOmega, and large technology companies are putting considerable resources towards tooling and education. But is open source software security actually improving? And where are efforts still falling short?

Retrieval vs. poison - Fighting AI supply chain attacks

While perhaps new to AI researchers, supply chain attacks are nothing new to the world of cybersecurity. For those in the know, it has been best practice to verify the source and authenticity of downloads, package repositories, and containers. But human nature usually wins. As developers, our desire to move quickly to improve ease of use for users and customers can cause us to delay efforts to validate the software supply chain until we are forced to by our peers in compliance or security organizations.

Software Supply Chain Compliance: Ensuring Security and Trust in Your Software and Applications

Software and applications make the world go round. This naturally makes them a top attack target for threat actors, and highlights the importance of robust software supply chain compliance. But how do companies build and implement a compliance strategy that solves the challenges of modern application security? Let’s take a look.

Defend Your Software Supply Chain by Curating Open-Source Packages Entering Your Organization | Announcing JFrog Curation

Modern organizations are constantly striving to gain a competitive advantage by delivering software solutions at a remarkable pace. To achieve this, they heavily rely on open-source software (OSS) libraries and packages, which constitute a significant portion (80-90%) of their software solution. However, while open-source software offers numerous benefits, it also presents potential security challenges.

What is cyber risk exposure and how can you manage it?

Cybersecurity is not an easy task. New threats are constantly emerging—in your IT infrastructure and that of your vendors and partners. But, as a cybersecurity leader, you can help your organization mitigate these threats if you adopt cyber risk exposure management practices. In this blog, we explore everything you need to know about how cyber risk exposure and management can help you reduce the risk of gaps and vulnerabilities in your network and across your third-party supply chain.