Tag: supply chain
Report Shines Spotlight on Open Source Software Security Challenges
An analysis of more than five million open-source software packages published by Lineaje, a provider of a platform for tracking open-source software components, finds 95% of security issues involve some type of ...
Report: High Risks to Software Supply Chains are Commonplace
A nine-month analysis of more than 100 million alerts, tens of thousands of code repositories, and 140,000 real-world applications finds 95% of organizations have at least one high, critical, or apocalyptic risk ...
The Risks of the Cloud Oligopoly
The cloud oligopoly, insofar as it stifles competition, represents a potentially overlooked area in which businesses must assess their supply chain commitments ...
JFrog Forms Broad DevOps Alliance with GitHub
JFrog and GitHub today revealed a partnership through which they will work together to integrate their respective DevOps platforms, including integrations with GitHub Copilot, the generative artificial intelligence (AI) coding assistant that is ...
Securing the DevOps Pipeline: Tools and Best Practices
Because of the critical nature of the DevOps pipeline, security is becoming a top priority. Here's how to integrate DevSecOps ...
Survey: Cyberattacks Aimed at Software Supply Chains are Pervasive
A survey found the vast majority of respondents work for organizations that experienced a software supply chain incident in the past 12 months ...
Synopsys Report Sees Steady Application Security Gains
An analysis of the security automation practices of 130 organizations published by Synopsys suggests significant progress toward securing software supply chains ...
How DevSecOps Addresses Supply Chain Security
“The absence of security in the initial stages of system engineering is the single most significant cybersecurity gap and risk in modern system development.” This quote from tech entrepreneur Linda Rawson is ...
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...
Software Supply Chain Risk Management: A 2023 Guide
Software supply chain risk management (SSCRM) refers to the process of identifying, assessing and mitigating risks associated with third-party software components and services that are integrated into software products. SSCRM involves understanding ...
Tips For Securing CI/CD Pipelines
Most development teams want to increase the pace of their software delivery. As such, continuous integration and delivery (CI/CD) has grown in importance, helping push code from build to production as seamlessly ...
Software Supply Chain Security Debt is Increasing: Here’s How To Pay It Off
Last year, the world woke up to the software supply chain dilemma. We saw a spike in attacks as hackers sought to exploit known and unknown vulnerabilities within dependencies. There is also ...