Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain


White House Issues New Guidelines on Software Supply Chain Security - What Are the Challenges and Possible Outcomes?

The White House and the Executive Office of the President have just issued a memorandum for the heads of U.S. government and federal executive departments and agencies for enhancing the security of the software supply chain through secure software development practices.

Pyrsia - Securing your OSS Supply Chain

With OSS, not knowing where all your software comes from means hard-to-spot risks to the integrity of your services. Without constant identity checks and safety protocols for keys and secrets, open-source dependencies can open the door to breaches, exploits, and supply chain attacks. Enter Pyrsia -- your torch that lights up the open-source supply chain!

The Software Supply Chain Risks You Need to Know

Code that an organization’s developers create is only the beginning of modern software development. In fact, first-party code is likely to be only a small proportion of an application – sometimes as little as 10% of the application’s artifact ecosystem. An enterprise’s software supply chain is made of many parts, from many sources: open source packages, commercial software, infrastructure-as-code (IaC) files, and more.

PyPi Malware Stealing Discord and Roblox Payment Info

Raul Onitza-Klugman, Senior Security Researcher at Snyk, joins Kyle to take a deep dive in to the latest set of malicious packages discovered by the Snyk Security Research team. Join us as we discuss how these findings came to be, what they mean for open source security, and some hypotheses about the future of supply chain security.

How Do We Secure Our Software Supply Chain?

Software supply chain is anything and everything that contributes to making software functional. This includes code in the developer system, the CICD pipeline, dependencies, binaries, and deployed software in production, as well as people, processes, and the technology space. With the growing adoption of assembling software from distributed, unmanaged components rather than building it from scratch, more often than not, organizations are not aware whose, or what, code is running within their software.


Report: The Role of the SBOM in Securing the Software Supply Chain

The software supply chain is under attack, and never has it been more critical to secure it. In doing so, organizations will lessen the risk of a hacker’s ability to gain unauthorized access to development environments and infrastructure. This can include version control systems, artifact registries, open-source repositories, continuous integration pipelines, build servers, or application servers.