NPM security has been a trending topic in the media in recent years, mostly in reference to the npm packages available in the ecosystem rather than the npm registry itself. The increasing security risk that applies to developers and the software we build makes it even more important to understand how to prevent supply chain attacks and other security vulnerabilities related to the software development life cycle.
If you are a code publisher or software developer, your end users need to trust the software that they download. You, as a legitimate entity, must win their trust and confidence as the source of the file, rather than any third party or infiltrator claiming to be you. They also need to know that the code has not been tampered with by any hacker and has had no malware inserted into it.
Here at Mend, we work with businesses of different sizes and maturity across a wide variety of industry sectors, such as healthcare, finance, manufacturing, construction, media, software, and more. One thing they have in common is that they are all involved in software development in one form or another. They use code and software components and dependencies within a DevOps environment to create both internal and customer-facing applications.
Anat Kleinmann, AlgoSec Sr. Product Manager and IaC expert, discusses how incorporating Infrastructure-as-Code into DevSecOps can allow teams to take a preventive approach to secure application connectivity.
When it comes to protecting software, don’t count on automated testing to find all the vulnerabilities in your code. Here’s why manual penetration testing is more essential (and more accessible) than one might think.
Ransomware has been around for a long time — since 1989 — but has scaled up significantly since 2016. Authors from Accenture and Google Cloud, in addition to our very own Vandana Verma Sehgal (from the Snyk Security Relations Team), recently released a white paper, Ransomware State of Mind: How to Better Protect Your Business, which details the current state of ransomware and solutions to address this growing problem.
Cyber insurance (also cyber liability insurance coverage or cyber risk insurance) is a type of insurance policy that helps organizations cover financial damages related to cyber attacks or data breaches. Cyber insurance is especially important as the cost of a data breach continues to rise, and the number of cyber attacks is higher than ever.
I was super excited to be at KubeCon + CloudNativeCon this year. KubeCon has managed to build a great community that goes beyond Kubernetes and has been a good catalyst in bringing together people passionate about open source. KubeCon has also attracted a lot of interest due to the quality of sessions, the number of co-located events, and the opportunity to connect with peers, partners and friends.