Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

jfrog

Secure Access To Your Software Development with GitHub OpenID Connect (OIDC) and JFrog

Feb 14, 2024 By Yonatan Arbel In JFrog
Modern software development requires a seamless connection between multiple software development tools – particularly those used for code management and storing your software artifacts. Connecting between these tools often involves managing a variety of tokens, permissions, passwords, and keys, which if not handled correctly can expose organizations to potential security threats.
Read Post
datatrails

Creating DataTrails for Supply Chain Artifacts

Feb 7, 2024 By Steve Lasker In DataTrails
In a world where software is produced, distributed, and re-distributed, how do you ensure the software you consume is authentic and safe for your environment? How do you know the software you deployed yesterday is safe today? Most software exploits are discovered after the software has been deployed, which raises the question: It’s not just about getting software updates, as the majority of exploits are distributed as updates. Staying updated isn’t the most secure.
Read Post
jfrog

Empowering DevSecOps: JFrog's Enterprise-Ready Platform for Federal NIST SP 800-218 Compliance

Jan 31, 2024 By Greg McDermott In JFrog
As an integrator or government agency providing mission-critical software, the question to ask yourself is “Is my software development environment NIST SP 800-218 compliant?”. Compliance with NIST SP 800-218 and the SSDF (Secure Software Development Framework) is mandatory, and it’s time to ensure your software supply chain is compliant.
Read Post
manageengine

Understanding the Okta supply chain attack of 2023: A comprehensive analysis

Jan 25, 2024 By IT Security In ManageEngine
In October 2023, Okta, a leading provider of identity and access management (IAM) solutions, experienced a data breach affecting its customer support system. This incident raised serious concerns about the security of sensitive information entrusted to Okta by its customers and partners.
Read Post
manageengine

Top tips: Defend your organization's supply chain with these 3 tips

Jan 25, 2024 By General In ManageEngine
Top tips is a weekly column where we highlight what’s trending in the tech world today and list ways to explore these trends. This week, we’re looking at some of the cybersecurity strategies for supply chains. Cyberattacks have been increasing, and supply chains have taken a hit. In 2022, the United States witnessed a surge in supply chain cyberattacks, which affected 1,743 entities—the highest reported figure since 2017.
Read Post
ThreatQuotient

In 2024, we'll see escalating threats from the software supply chain

Jan 24, 2024 By Haig Colter In ThreatQuotient
Today’s modern supply chains can be large and complex, involving many suppliers doing many different things. As digital transformation initiatives have accelerated, the ecosystem of suppliers has exploded. Effectively securing the supply chain is hard because vulnerabilities can be inherent, or introduced and exploited, at any point in the supply chain. Unfortunately, a compromised software supply chain can cause significant damage and disruption.
Read Post
signmycode

Researchers Demo New CI/CD Attack in PyTorch Supply-Chain that Exploiting GitHub Self-Hosted Action Runner

Jan 23, 2024 By SignMyCode In SignMyCode
The new guidelines to secure GitHub repositories are being followed by every enterprise. These new protocols were circulated after discovering a vulnerable loophole in the self-hosted action runner in August 2023. To know more about the vulnerability, how and who discovered it, and its mitigation, read further.
Read Post

Beyond SBOMs: The Future of Software Supply Chain Security

Jan 22, 2024 By Panoptica In Panoptica
The recent executive order requiring SBOMs (Software Bill of Materials) of those supplying software to the federal government has been instrumental in advancing the conversation around software supply chain security – but SBOMs are just the tip of the iceberg, and quite possibly, not even the most interesting or promising part. Cisco distinguished engineer Ed Warnicke and Cisco technical marketing engineer Michael Chenetz were joined by Aeva Black, OmniBor Project – Microsoft, Brandon Lum, Guac and Google, Dan Lorenc, Wolfi/Chainguard, and Cole Kennedy, TestifySec.
View Video
jfrog

What is JFrog Security?

Jan 8, 2024 By The JFrog Team In JFrog

The security of the software supply chain is rapidly becoming a paramount concern for organizations — and for good reason. With the increasing number of published Common Vulnerabilities and Exposures (CVEs), developers face the challenge of delivering software faster than ever before. However, in their quest for speed, many dev and security teams have resorted to fragmented security solutions, inadvertently leaving critical gaps in coverage and compromising their competitive advantage.

Read Post
Subscribe to Supply Chain

Copyright © 2024 OpsMatters™. All rights reserved.