Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

mend

3 Critical Best Practices of Software Supply Chain Security:

Jun 20, 2022 By Adam Murray In Mend

If your organization develops software and applications to deliver products and solutions, then more than likely you’re using third-party open source components to help create them. According to most estimates, open source components now make up over 80 percent of software products.

Read Post
CrowdStrike

Detecting Poisoned Python Packages: CTX and PHPass

Jun 3, 2022 By Manoj Ahuje In CrowdStrike

The software supply chain remains a weak link for an attacker to exploit and gain access to an organization. According to a report in 2021, supply chain attacks increased by 650%, and some of the attacks have received a lot of limelight, such as SUNBURST in 2020 and Dependency Confusion in 2021.

Read Post
Trustwave

CISO's Corner: Cyber Defense Lessons for OT and Supply Chain Infrastructure

Jun 2, 2022 By Kory Daniels In Trustwave

2022 has been busy in the cyber world. While there were signals in 2021 with the increased in activity in threat actors targeting OT environments with ransomware, the conflict in Ukraine prompted many businesses to press harder in asking more questions about their own resilience with operational technologies (OT) and supply chain infrastructure.

Read Post

Software Supply Chain Security for Open Source Projects

Jun 2, 2022 By JFrog In JFrog
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on? This raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be considered in this security strategy. In the recent past, we have also learned that attacks are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
View Video

Software Supply Chain Security for Open Source Projects - it's time to prepare!

Jun 2, 2022 By JFrog In JFrog
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on? This raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be considered in this security strategy. In the recent past, we have also learned that attacks are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
View Video

Identifying and Avoiding Malicious Packages

May 31, 2022 By JFrog In JFrog
Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle. This webinar will be a technical showcase of the different types of malicious packages that are prevalent today in the PyPI (Python) and npm (Node.js) package repositories. All examples shown in the webinar will be based on real data and malicious packages that were identified and disclosed by the JFrog security research team.
View Video
jfrog

Pyrsia: Decentralized Package Network that Secures the Open Source Supply Chain

May 25, 2022 By Sudhindra Rao In JFrog

Supply chain security has received a lot of attention in recent years. And rightly so. Software vulnerability exploitation attacks have been a key tool in the hands of the hackers to hamper businesses, compromise sensitive data, and a cause of general sense of fear around open source software.

Read Post
jfrog

Pyrsia: Open Source Software that Helps Protect the Open Source Supply Chain

May 25, 2022 By Lori Lorusso and Stephen Chin In JFrog

Stephen Chin is no stranger to having big ideas and implementing them to help the developer community. In the last twenty years he’s been involved in building open source IDEs, bootstrapping rich client libraries, maintaining JVM languages, and cultivating relationships with developers that do the same.

Read Post
Feroot

Everything You Need to Know to Prevent JavaScript Supply Chain Attacks

May 18, 2022 By Feroot Security Team In Feroot

JavaScript supply chain attacks are a bit like rolling thunder. The boom starts in one location and then reverberates along a path, startling folks, shaking windows, and—if there is a significant enough storm to accompany the thunder—leaving varying degrees of devastation in its wake.

Read Post
veracode

What Is Software Supply Chain Security?

May 11, 2022 By Veracode In Veracode

Most software today isn’t developed entirely from scratch. Instead, developers rely on a range of third-party resources to create their applications. By using pre-built libraries, developers don’t need to reinvent the wheel. They can use what already exists and spend time on proprietary code, helping to differentiate their software, finish projects quicker, reduce costs, and stay competitive. These third-party libraries make up part of the software supply chain.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.