Tag: supply chain

Synopsys Report Sees Steady Application Security Gains
An analysis of the security automation practices of 130 organizations published by Synopsys suggests significant progress toward securing software supply chains ...

How DevSecOps Addresses Supply Chain Security
“The absence of security in the initial stages of system engineering is the single most significant cybersecurity gap and risk in modern system development.” This quote from tech entrepreneur Linda Rawson is ...

npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...

Software Supply Chain Risk Management: A 2023 Guide
Software supply chain risk management (SSCRM) refers to the process of identifying, assessing and mitigating risks associated with third-party software components and services that are integrated into software products. SSCRM involves understanding ...

Tips For Securing CI/CD Pipelines
Most development teams want to increase the pace of their software delivery. As such, continuous integration and delivery (CI/CD) has grown in importance, helping push code from build to production as seamlessly ...

Software Supply Chain Security Debt is Increasing: Here’s How To Pay It Off
Last year, the world woke up to the software supply chain dilemma. We saw a spike in attacks as hackers sought to exploit known and unknown vulnerabilities within dependencies. There is also ...

A DevOps Thanksgiving: What Are You Thankful For?
As crazy as it seems, here we are on the cusp of another Thanksgiving. This year has gone by so quickly, and as we enter the holiday season and the end of ...

The Age of Software Supply Chain Disruption
The software supply chain is swiftly becoming a widespread attack vector, and securing it is now in the spotlight. Software supply chain attacks have become a given in 2022, reports Darktrace. SolarWinds, ...

Orca Security Adds CLI to Improve Cloud Security
Orca Security has extended its cloud security platform via a command-line interface (CLI) that makes it simpler to integrate with a wide range of DevOps tools. Rather than relying on agents, the ...

WhiteSource Becomes Mend, Launches Automated Remediation Platform
WhiteSource rechristened itself Mend today and launched a remediation platform that automatically resolves security issues for application developers. Rami Sass, co-founder and CEO of Mend, said now the company is going beyond ...

How to Get the Supply Chain Back to (Better than) Normal
If a chain is only as strong as its weakest link, today’s supply chain is in dire straits. A recent infographic from The New York Times shows all too clearly that the ...

Atlassian Expands DevOps Tools Portfolio to Improve Collaboration
Atlassian has added an extensible catalog for tracking software components, dubbed Compass, to its portfolio of DevOps tools along with an Atlassian Data Lake and Atlassian Analytics cloud service that makes it ...