Today we are excited to announce the expansion of our software supply chain security offering with a series of new features that will enhance our ability to detect, prioritize, and remediate open-source software risk. These features set Rezilion apart from SCA (software composition analysis) tools on the market and allow us to provide significantly wider visibility into an organization’s risk – while also dramatically reducing the amount of work required to eliminate it.

There are several best practices for securing the software supply chain. Failing to do so is like leaving open the vault in your home containing your most valuable possessions and sensitive documents. There are an average of 203 open source dependencies per repository in today’s software supply chains. A staggering 99% of codebases contain open source code and between 85 to 97% of enterprise codebases are generated from open source, according to GitHub.

Identified as leaders in IoT (Internet of Things) Device Identity Lifecycle Management by ABI Research, and leaders in IoT IAM according to Quadrant, Device Authority and Entrust have worked together to integrate Device Authority’s KeyScaler® IoT IAM (Identity and Access Management) platform with PKI (Public Key Infrastructure) services from Entrust, extending the existing collaboration for Hardware Security Module (HSM) services, to provide device trust, data trust and automation at IoT sca

Last month, over the holidays, we witnessed multiple vendors experience security breaches of varying levels of severity. From LastPass and Okta to Slack and CircleCI, the news has been filled with headlines reporting on the aftermath of these incidents. We wanted to briefly cover these stories and discuss their implications for you in the current year.

In the first two posts of this series on software-related risks we have looked at vulnerabilities introduced in the development phase and vulnerabilities present in open source software. The third major risk area to consider is software supply chain security and the weaknesses in this area.

Keeping up with supply chain threats is hard work and, unfortunately, never-ending. There are some good frameworks out there that, when implemented, minimizes the risk of exposure. But for smaller organizations it can be a challenge to get the resources and time to implement them correctly. Not to mention keeping them maintained over time.

As the cyber threat evolves, adversaries are increasingly targeting non-publicly disclosed vulnerabilities in the software supply chain. Attackers are able to stealthily travel between networks because to a vulnerability in the supply chain. To combat this risk, the cybersecurity community must center its efforts on protecting the software development lifecycle.

The holiday season is the perfect time to rewatch some favorite festive movies! While some prefer their holiday movies to be as sappy as possible (Hallmark, we’re looking at you), others relish the annual opportunity to watch an 8-year-old boy exact his revenge on two bumbling bad guys in the 1990 classic Home Alone.

That’s an excerpt from the fact sheet accompanying the May 2021 Executive Order on Improving the Nation’s Cybersecurity (EO). It refers to one of seven ambitious measures in the EO: shoring up security of that notorious playground for hackers, the software supply chain. Knowing that organizations lack visibility into the components that comprise their connected assets, bad actors can have a field day exploiting vulnerabilities to penetrate networks and take control.