Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

A Timely Shift: Prioritizing Software Security in the 2024 Digital Landscape

The release of the February 2024 White House Technical Report, Back to the Building Blocks: A Path Towards Secure Measurable Software, brings about a timely shift in prioritizing software security. Software is ubiquitous, so it’s becoming increasingly crucial to address the expanding attack surface, navigate complex regulatory environments, and mitigate the risks posed by sophisticated software supply chain attacks.

The Expanding Web of Organizational Supply Chains and Security Risks || Razorthorn Security

In this video, we delve into the intricate web of organizational supply chains and the heightened complexities they bring to the realm of cybersecurity. With the interconnected nature of modern businesses, from retailers to manufacturers to insurers, the reliance on numerous other entities introduces a myriad of potential vulnerabilities. Join us as we explore the evolving landscape of malicious activities and data breaches, highlighting the exponential growth in complexity over the past two decades.

Top 10 Cybersecurity Questions to Ask Your Vendors: A step-by-step guide to reduce supply chain risk

A cybersecurity vendor questionnaire is vital in assessing the competency and reliability of potential partners. It serves as a comprehensive tool to evaluate various aspects crucial for safeguarding sensitive data and infrastructure. Through detailed inquiries about security protocols, compliance measures, incident response plans, and past breach incidents, the questionnaire helps gauge the vendor’s commitment to robust cybersecurity practices.
Featured Post

Leveraging Threat Intelligence for Regulatory Compliance

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations' IT networks in the US and is preparing "disruptive or destructive cyber attacks" against communications, energy, transport, water and waste water systems. The announcement, which was supported by national cybersecurity agencies in Australia, Canada, UK, and New Zealand, is a sobering reminder that modern life relies on digital networks. From healthcare, banking, and socialising, to energy, water, local and national government - everything has a digital aspect.

Secure Access To Your Software Development with GitHub OpenID Connect (OIDC) and JFrog

Modern software development requires a seamless connection between multiple software development tools – particularly those used for code management and storing your software artifacts. Connecting between these tools often involves managing a variety of tokens, permissions, passwords, and keys, which if not handled correctly can expose organizations to potential security threats.

Creating DataTrails for Supply Chain Artifacts

In a world where software is produced, distributed, and re-distributed, how do you ensure the software you consume is authentic and safe for your environment? How do you know the software you deployed yesterday is safe today? Most software exploits are discovered after the software has been deployed, which raises the question: It’s not just about getting software updates, as the majority of exploits are distributed as updates. Staying updated isn’t the most secure.

Empowering DevSecOps: JFrog's Enterprise-Ready Platform for Federal NIST SP 800-218 Compliance

As an integrator or government agency providing mission-critical software, the question to ask yourself is “Is my software development environment NIST SP 800-218 compliant?”. Compliance with NIST SP 800-218 and the SSDF (Secure Software Development Framework) is mandatory, and it’s time to ensure your software supply chain is compliant.

Understanding the Okta supply chain attack of 2023: A comprehensive analysis

In October 2023, Okta, a leading provider of identity and access management (IAM) solutions, experienced a data breach affecting its customer support system. This incident raised serious concerns about the security of sensitive information entrusted to Okta by its customers and partners.