While the occurrence of software supply chain attacks just keeps getting worse every year, there appears to be a disconnect among leaders on the importance of securing those supply chains. According to research from IDC, there has been a 241% increase year-over-year in supply chain attacks, but a new survey from JFrog had only 30% … continue reading
The following is a listing of vendors that offer tools to help secure software supply chains, along with a brief description of their offerings. Featured Provider HCLSoftware: HCL AppScan empowers developers, DevOps, and security teams with a suite of technologies to pinpoint application vulnerabilities for quick remediation in every phase of the software development lifecycle. … continue reading
Synopsys has released a new solution to help companies manage upstream risks of software supply chains. Black Duck Supply Chain Edition does software composition analysis (SCA) that makes use of a number of security analysis techniques to determine the components in a piece of software, such as package dependency, CodePrint, snippet, binary, and container analysis. … continue reading
Web3. Cryptocurrency. Non-fungible tokens. Those are the words many think of when they hear the word blockchain. These are the areas where this emerging technology has garnered the most popularity over the years, but blockchain as a technical concept can be applied in many different ways, and it has uses in the enterprise, particularly when … continue reading
Software supply chain attacks occur primarily because most software development involves using third-party dependencies. The most severe attacks occur on a “Zero Day,” which refers to vulnerabilities that have been discovered without any available patch or fix, according to William Manning, solution architect at DevOps platform provider JFrog, in an ITOps Times Live! on-demand webinar … continue reading
The software supply chain security company Sonatype is attempting to make it easier for development and security teams to come together and innovate. They announced new deployment options, enabling companies to run Sonatype software in the cloud. Nexus Lifecycle and Nexus Firewall can now be deployed in the cloud, which enables companies to get up … continue reading
The NSA and CISA released the guide “Securing the Software Supply Chain: Recommended Practices Guide for Developers” last month and while David Wheeler, the director of open-source supply chain security at the Linux Foundation and OpenSS, welcomes it, he said there are some questionable requirements. The guide covers aspects of security such as how to … continue reading
Tel Aviv, Israel, September 29, 2022 — Ox Security, the end-to-end software supply chain security platform for DevSecOps, exited stealth today with $34M in funding led by Evolution Equity Partners, Team8, and M12, Microsoft’s venture fund, with participation from Rain Capital. OX was founded less than a year ago by Neatsun Ziv and Lior Arzi, … continue reading
In recent years, hackers have become very sophisticated in the ways they attack upstream development pipelines by introducing vulnerabilities into the software supply chain. The popularity of open source makes those repositories a low-hanging fruit to target. In an SD Times Live! Event titled “Threat Landscapes: An Upstream and Downstream Moving Target,” Theresa Mammarella, developer … continue reading
In late 2021, a vulnerability was detected in the Java logging package Log4j, which is the most popular framework for logging in Java. It is used in millions of applications. Not only that, but it is used as a dependency in over 7,000 open-source projects, according to research from software security company Sonatype. Given the … continue reading
Google has announced the third developer preview of its upcoming 12.0 release. The latest preview includes a new app launch experience, new video and camera capabilities and new permissions for exact alarms that help users save battery. Developers can use new splash screen APIs and resources to manage the splash screen window’s background color, replace … continue reading
The past year saw a 430% increase in next-generation cyber attacks aimed at actively infiltrating open source software supply chains, according to the 2020 State of the Software Supply Chain report. In the past 12 months, 929 next-generation software supply chain attacks were recorded. By comparison, 216 such attacks were recorded between February 2015 and … continue reading