The state of DevSecOps: Why upgrading your AppSec tooling is essential

DevSecOps started getting written and talked about a decade ago, and today many companies are paying attention to the best-practices recommendations put forth in the press and conferences. In fact, a report ...
Polyfill.io Supply Chain Attack: Explained

The Polyfill.io software supply chain attack: Lessons learned

See RL's Joshua Knox break down the Polyfill.io supply chain attack on YouTube ...
OASIS Open's push for a software supply chain standard: All together now?

OASIS Open, a global open-source and standards organization, has announced the formation of a technical committee to standardize supply chain information models ...
How platform engineering helps you get a good start on Secure by Design

Designing software from the ground up to be secure, as recommended by the Secure by Design initiative from the Cybersecurity and Infrastructure Security Agency (CISA), has its challenges, especially if it's done ...
How to secure mergers & acquisitions from software supply chain attacks

There are varying levels of cybersecurity vetting used during mergers and acquisitions (M&A). Traditionally, acquiring organizations rely on techniques such as third-party questionnaires to understand the cybersecurity posture of the company ...
Why malware matters most: 6 ways to foil software threats faster

Security teams spend a lot of time chasing software vulnerabilities. The fact is, however, that their time would be better spent combating malware because the payoff is better: faster detection, response, and ...
Verizon DBIR 2024: The rise in software supply chain attacks explained

The Verizon Data Breach Investigations Report (DBIR) is considered to be one of the leading annual reports on the state of cybersecurity. The report, which analyzes thousands of data breaches from the ...
How to assess and manage commercial software risk

Five years ago, we didn’t hear much about software supply chain attacks. Today, they’re commonplace. Barely a week goes by without news of malicious or compromised packages tempting developers on open-source repositories ...