Why The US Government Continues to Push for Software Supply Chain Security
October is officially Cybersecurity Awareness Month in the United States but September was a good month for it, too.
October is officially Cybersecurity Awareness Month in the United States but September was a good month for it, too.
The Defence supply chain is a network of interrelated companies, services, and products that transform raw materials and information into goods and expertise for military materiel applications. Given the scale, breadth, and complexity of bringing so many different stakeholders and activities together, the risks that a supply chain presents can be challenging to define and manage.
Most enterprises' critical infrastructure and operational pipelines rely on an intricate web of software, online services, and cloud applications. This level of complexity makes supply chain risk management one of (if not the) biggest challenges for CISOs today. Today, malicious actors choose to exploit software supply chain vulnerabilities rather than just target end users. These SSC attacks have caused some of the most notable cybersecurity incidents and data breaches in recent years.
This is a Bulletproof Tech Talk article: original research from our penetration testing team covering issues, news, and tech that interests them. It’s more technical and in-depth that our usual blog content, but no less interesting. Some readers may remember an article published by Bloomberg entitled "The Big Hack: How China used a Tiny Chip to Infiltrate U.S. Companies".
Typosquatting and dependency confusion are two common tactics used by hackers to exploit open-source package repositories. Understand how these attacks work and discover preventive measures to secure your infrastructure.
Two big trends are now converging that will change the way we view and implement software supply chain security and make dependency management a vital part of assuring security. Let’s look at why and how this is happening, and what it means for dependency management.