Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply Chain

What are Software Supply Chain Attacks?

Software supply chain attacks, or digital supply chain attacks, have become increasingly prevalent over the last couple of years. According to a study by KPMG, 73% of organizations have experienced at least one significant disruption from a third-party in the last three years. What’s the best way to protect against potential software supply chain attacks? To get the answer, let’s define what those attacks are, how they happen, and how you can defend against them.

Eight Considerations for Thwarting Malicious Packages

We’re currently seeing a concerted effort from malicious actors to attack the supply chain through intentionally malicious packages. Our recent research shows a 315 percent rise in the publication of malicious packages to open source registries such as npm and RubyGems between 2021 and the end of Q3, 2022; about 85 percent of those packages stole credentials. This trend requires an urgent shift from detection to prevention.

How Generative AI Can Enhance Software Supply Chain Security

Generative AI is the technology of the moment, and is actually being hyped as providing transformational benefits for years to come, including when it comes to software supply chain security. This subset of AI uses machine learning algorithms to generate new data and content. Given the increasing importance of the software supply chain, it is critical to use every measure possible to secure it. But this is no easy feat—96% of scanned codebases contain open source.

Supply Chain Resilience: 4 Ways to Get Ahead of Third-Party Cyber Risk

Recent events, including the 2020 COVID-19 pandemic, shifts in demand, and labor shortages have shone a spotlight on supply chain resilience – or lack thereof. In response, business leaders recognize that becoming more resilient is a necessity and are looking at strategies for doing so. As a best practice, Gartner recommends that companies diversify their manufacturing networks, utilize regional or local supply chains, add buffer capacity, and more.

Bill of Materials (BOM) Meaning, Purpose, and Types

Imagine constructing a building without a blueprint or cooking a complex recipe without a list of ingredients. It would be a chaotic and inefficient process, right? The same principle applies to manufacturing and production. That's where the Bill of Materials (BOM) comes into play. In this article, we will explore the meaning, purpose, and diverse types of BOMs, illustrating how they serve as the foundation for seamless production processes.

What Role Does Procurement Play in Supply Chain Risk Management?

Thanks to globalization and rapidly developing technology, enterprise involves more connections than ever before, and more connections means more risk in the supply chain. Supply chain risk extends past those suppliers with whom you’re doing business directly. Beyond your third-party suppliers are their suppliers, and the supply chain continues branching out from there. In today's connected world, organizations must not isolate their supply chain risk management.

What Can Happen If You Don't Address Software Supply Chain Security Issues?

By now we know that software supply chain security issues are plentiful. And perhaps you’ve (wisely) decided that it’s a good idea to secure your software supply chain…you just haven’t gotten around to dealing with it yet, given other organizational priorities. The more software you use, the more important it becomes to secure it. Software supply chain attacks are increasing, and there are major implications if you don’t.

Q2 2023 Threat Landscape Report: All Roads Lead to Supply Chain Infiltrations

Kroll’s findings for Q2 2023 reveal a notable shift toward increased supply chain risk, driven not only by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability, but by a rise in email compromise attacks. This and other key security trends are shaping a threat landscape in which diverse cyber threats are present.