A survey of 106 leaders and practitioners involved in software supply chain security finds more than three-quarters of respondents (76%) work for organizations that have made software supply chain security a significant or top (24%) priority.
Survey Surfaces Troubling Signs of Software Supply Chain Insecurity
A survey of software engineering professions has uncovered disconcerting signs of software supply chain insecurity.
Survey Surfaces Lots of Software Supply Chain Insecurity
A global survey of 900 application security professionals finds nearly two-thirds work for organizations that have had their software supply chains compromised in the past two years.
OX Security Optimizes DevSecOps to Improve Application Security
OX Security updated its ASPM platform to enable DevSecOps teams to instantly identify applications with vulnerable code.
Sysdig Identifies Cyberattacks on GitLab Platforms Using Binaries
Sysdig Threat Research Team uncovers cyberattacks using binaries written in Go and .NET are compromising on-premises editions of GitLab.
Extending the GitOps Pipeline: DevSecOps and Trusted Application Delivery
The fusion of DevSecOps and trusted application delivery can extend the GitOps pipeline and add business value.
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad.
Awareness of Software Supply Chain Security Issues Improves
A global survey of 167 software professionals suggested that, while there is a lot more awareness of application security issues, the adoption of DevSecOps best practices is still not pervasive. The survey, conducted by Chainguard, the Eclipse Foundation, the Rust Foundation and the Open Source Security Foundation (OpenSSF), found that just over half (51%) of […]
Dev of core-js Will Flip Table ¦ Another 451 PyPI Maldeps
In this week’s #TheLongView: Denis Pushkarev is fed up with core-js freeloaders, and hundreds more malicious packages found at PyPI.
Software Supply Chain Security Debt is Increasing: Here’s How To Pay It Off
Last year, the world woke up to the software supply chain dilemma. We saw a spike in attacks as hackers sought to exploit known and unknown vulnerabilities within dependencies. There is also the chance of typosquatting, and malicious code commits to consider. Such supply chain attacks have increased by a shocking 742% over the past […]