dependencies
![Apple CEO Tim Cook, looking grim](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE
Richi Jennings | | App Sec & Supply Chain Security, Apple, Apple iOS, AppSec & Supply Chain Security, CocoaPods, CVE-2024-38366, CVE-2024-38368, dependencies, dependency injection, Dependency Management, macos, macOS Security, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, SB Blogwatch, software dependencies, Supply-Chain Insecurity, third-party dependencies, trust dependencies
Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...
Security Boulevard
![Strategies to accelerate dependency management for modern enterprise software development](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Strategies to accelerate dependency management for modern enterprise software development
Aaron Linskens | | dependencies, DevOps transformation, risk management, software supply chain, Vulnerabilities
Contrary to common belief, security and productivity are not necessarily at odds in modern software development ...
![Software composition analysis (SCA): A beginner's guide](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Software composition analysis (SCA): A beginner’s guide
In modern software development, applications are rarely built from scratch. Development teams extensively rely upon open source software components to accelerate development and foster innovation in software supply chains ...
![The overview effect: Two decades of unique perspective](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
The overview effect: Two decades of unique perspective
Based on data from 2023, just under 700 people have made the (sometimes) dangerous journey to space and seen our planet in a different light. Astronauts often write about their experiences in ...
![Sonatype Lifecycle best practices: InnerSource](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Sonatype Lifecycle best practices: InnerSource
InnerSource Insight facilitates collaboration and enhances code quality across teams ...
![The impact of automating open source dependency management](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
The impact of automating open source dependency management
Recently, I chatted with developers from a customer in a heavily regulated industry. They were manually updating their open source dependencies and wanted to find a better solution to save time. Keeping ...
![The impact of automating open source dependency management](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
The impact of automating open source dependency management
Recently, I chatted with developers from a customer in a heavily regulated industry. They were manually updating their open source dependencies and wanted to find a better solution to save time. Keeping ...
![Sonatype Lifecycle best practices: Getting started and managing SBOMs](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Sonatype Lifecycle best practices: Getting started and managing SBOMs
Effective management of software dependencies is critical for ensuring both security and operational efficiency of applications ...
![Sonatype Lifecycle best practices: Getting started and managing SBOMs](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
Sonatype Lifecycle best practices: Getting started and managing SBOMs
Effective management of software dependencies is critical for ensuring both security and operational efficiency of applications ...
![NVD overload: Unveiling a hidden crisis in vulnerability management](https://cdn.statically.io/img/securityboulevard.com/wp-content/plugins/pt-content-views-pro/public/assets/images/lazy_image.png)
NVD overload: Unveiling a hidden crisis in vulnerability management
Aaron Linskens | | component governance, dependencies, Events and Webinars, government, Vulnerabilities
In a Linkedin Live session yesterday, Ilkka Turunen, Field CTO of Sonatype, and Brian Fox, co-founder and CTO, discussed an ongoing critical yet underreported issue in the National Vulnerability Database (NVD) ...