Rezilion

Best Practices for Securing the Software Supply Chain

There are several best practices for securing the software supply chain. Failing to follow them is like leaving open the vault in your home that holds your most valuable possessions and sensitive documents. Today's software supply chains contain an average of 203 open source dependencies per repository. A staggering 99% of codebases contain open source code, and between 85% and 97% of enterprise codebases are generated from open source, according to GitHub.

Where is Your Risk? Software Supply Chain Security Weaknesses

In the first two posts of this series on software-related risks we have looked at vulnerabilities introduced in the development phase and vulnerabilities present in open source software. The third major risk area to consider is software supply chain security and the weaknesses in this area.

Where is Your Risk? Vulnerabilities in Open Source Software

The first post of this series on the software-related risks organizations are facing looked at vulnerabilities introduced in development. In this post we look at the risks of open source vulnerabilities. Organizations are increasingly dependent on third-party software, including open source code, but current tools provide limited visibility and require a lot of manual work.

Control Web Panel Vulnerability, CVE-2022-44877, Actively Exploited in the Wild

This post offers details on the Control Web Panel vulnerability, CVE-2022-44877, which is actively being exploited in the wild. If you are using any version of Control Web Panel below 0.9.8.1147, make sure to patch as soon as possible. Although CVE-2022-44877, a critical vulnerability affecting Control Web Panel (a popular free, closed-source web-hosting interface), received an official patch on October 25th 2022, evidence of active exploitation of the vulnerability is starting to accumulate.

Where is Your Risk? Vulnerabilities in Software Development

Organizations are facing a variety of software-related risks, and vulnerabilities introduced in the development process are just one of them. The sooner they can figure out where these risks exist and how to address them, the better they can mitigate them and bolster their overall cybersecurity profile. In a series of posts, we will take a look at some of the key software risks organizations are grappling with today. First up: vulnerability risk that emerges during software development.

CVE-2022-23529: Should You Be Concerned About the JsonWebToken Vulnerability?

On January 9, 2023, Palo Alto revealed that its researchers had discovered a vulnerability in the popular JsonWebToken open source project. Although the JsonWebToken vulnerability received a CVSS score of 9.8, closer examination shows that the preconditions required to exploit it are unlikely to be met in real-world applications. In this blog post we provide some background on the vulnerability and explain the conditions under which it can be exploited.

What You Need to Consider For Managing Third-Party Risk

Managing third-party risk is not a high priority, Forrester data finds. And that’s concerning. Juggling is a skill that organizations in the public and private sectors had to learn over the last two years, as they dealt with new business priorities and strategic initiatives on top of managing many new security risks. Keeping all the balls in the air is something security, compliance and risk professionals must master in 2023.

Using DevSecOps to Improve Your Vulnerability Management Program

The basic idea behind DevSecOps is to introduce security as early as possible in the software development life cycle (SDLC). At the same time, the model can lead to increased collaboration between development and security teams as part of the effort to integrate security into the SDLC. In other words, DevSecOps provides an excellent foundation for an effective vulnerability management strategy.

The Regulatory Landscape Makes SBOMs a Must Have

Regulatory demands now make an SBOM essential for any organization. The Biden Administration released a memo in September 2022 that directs federal agencies to adopt guidelines from the National Institute of Standards and Technology (NIST) for securing software used by the federal government and to attest to its security.

2022 was the year of the SBOM...and 2023 will be, too

2022 was the year of the rise of the SBOM. At this time of year, we look back at the havoc wreaked by breaches that occurred in 2021 and earlier. The fallout from the SolarWinds and Kaseya cyberattacks continued into 2022 and poignantly illustrated how vulnerable the software supply chain is. The Log4j open-source vulnerability at the end of 2021 further illuminated the need for visibility into hard-to-find flaws.