Tag: supply chain security
How to Extend an Application Security Program to AI/ML Applications
Gopinath Rebala | | AI/ML Applications, Application Security Program, appsec, Data Security Model, Large Language Models, LLMs, Runtime Environments, Security Risks, supply chain security, Third-party DependenciesWhile various AI/ML application risks are like traditional application security risks and can be protected using the same tools and platforms, runtime security for the new models requires new methods of securing ...
JFrog Survey Surfaces Limited DevSecOps Gains
A global survey of 1,402 application developers, cybersecurity and IT operations professionals finds 71% work for organizations that, despite any potential vulnerabilities, still allow developers to download packages directly from the internet ...
Checkmarx Extends DevSecOps Reach to Repository Security and Secrets Discovery
Checkmarx this week extended the scope of its ability to protect software supply chains with tools that access how secure a repository is and find where application secrets have been shared in ...
Survey Surfaces Software Supply Chain Security Gains
A survey of 106 leaders and practitioners involved in software supply chain security finds more than three-quarters of respondents (76%) work for organizations that have made software supply chain security a significant ...
Survey Surfaces Troubling Signs of Software Supply Chain Insecurity
Mike Vizard | | ai, compliance, CRA, regulatory compliance, Software Supply Chain, supply chain securityA survey of software engineering professions has uncovered disconcerting signs of software supply chain insecurity ...
Survey Surfaces Lots of Software Supply Chain Insecurity
A global survey of 900 application security professionals finds nearly two-thirds work for organizations that have had their software supply chains compromised in the past two years ...
OX Security Optimizes DevSecOps to Improve Application Security
OX Security updated its ASPM platform to enable DevSecOps teams to instantly identify applications with vulnerable code ...
Sysdig Identifies Cyberattacks on GitLab Platforms Using Binaries
Sysdig Threat Research Team uncovers cyberattacks using binaries written in Go and .NET are compromising on-premises editions of GitLab ...
Extending the GitOps Pipeline: DevSecOps and Trusted Application Delivery
Joydip Kanjilal | | application delivery, devsecops, gitops, software security, supply chain security, trusted application deliveryThe fusion of DevSecOps and trusted application delivery can extend the GitOps pipeline and add business value ...
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
Richi Jennings | | Amit Zavery, azure, code repo, code repositories, code repository, GOOG, GOOGL, google, Google Cloud, IaaS, microsoft, Microsoft Azure, MSFT, NPM, npm registry, open source, public repository, Repos, repositories, repository, Repository Security, SEO, Software Supply Chain, software supply chain attacks, Software Supply Chain Security, Software Supply Chains, softwaresupplychain, source code repository, spam, supply chain, supply chain attacks, supply chain security, The Long ViewIn this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...
Awareness of Software Supply Chain Security Issues Improves
Mike Vizard | | best practices, CI/CD, devsecops, security, Software Supply Chain, supply chain securityA global survey of 167 software professionals suggested that, while there is a lot more awareness of application security issues, the adoption of DevSecOps best practices is still not pervasive. The survey, ...
Dev of core-js Will Flip Table ¦ Another 451 PyPI Maldeps
Richi Jennings | | core-js, Denis Pushkarev, JavaScript, open source, PyPi, Russia, Software Supply Chain, Software Supply Chain Security, softwaresupplychain, supply chain attacks, supply chain security, The Long ViewIn this week’s #TheLongView: Denis Pushkarev is fed up with core-js freeloaders, and hundreds more malicious packages found at PyPI ...
