
.NET Devs Can Now Vet NuGet Packages with the Spectra Assure Community
Curating open source code or compiled DLLs from the NuGet public package repository is a common practice for .NET developers. It is fairly easy to search for appropriate packages, and it eliminates time spent reinventing wheels, axles, headlights, seat-belts, etc. In a 2023 survey, 80% of respondents increased the use of ...

Gauging the Safety Level of Your Software with Spectra Assure
It’s been a little over a year since we first introduced security levels into Spectra Assure™ with the goal of reducing the remediation burden on developers. It automatically generates a plan for addressing prioritized software risks, recommending manageable projects to continually improve the software’s level of supply chain security in ...

How RL Spectra Assure Analyzes Reproducible Builds to Find Compromises
Tampering with the automated systems that build software is an effective software supply chain attack vector. Code compiled on compromised servers can produce binaries with embedded malware or changes that make the software behave like malware. The complexity of modern build systems exacerbates the problem, since the many moving parts ...

Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk
Businesses are vulnerable to software supply chain breaches when software releases leak secrets such as authentication credentials, hardcoded passwords, API tokens, and encryption keys. Look no further than the CircleCI, Toyota and Codecov incidents ...
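The kind of check the excerpt is talking about, scanning a release artifact for leaked credentials before it ships, as an added example that is not ReversingLabs' or Spectra Assure's code. It combines two detectors a practitioner would expect: fixed patterns for well-known token formats (the AWS access key ID prefix, GitHub token prefixes, PEM private-key headers) and a generic check that flags credential-looking assignments whose value has high Shannon entropy. The sample config is constructed for the example; the AWS key in it is the placeholder value from AWS's own documentation, not a live credential.

```python
"""Minimal secrets scanner for release artifacts (added example, not vendor code)."""
import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    snippet: str  # redacted, so the report itself does not leak the secret


# Pattern detectors for publicly documented token formats.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----"),
}

# Generic detector: a credential-like name assigned a long, random-looking value.
ASSIGNMENT = re.compile(
    r"(?i)\b(password|passwd|secret|token|api[_-]?key)\b\s*[:=]\s*"
    r"['\"]?([A-Za-z0-9+/=_\-]{12,})['\"]?"
)


def shannon_entropy(s: str) -> float:
    """Bits per character; random 32-char tokens score ~5, words score ~3 or less."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep a 4-char prefix for triage, mask the rest."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(text: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Return findings for every line that looks like it carries a secret."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                findings.append(Finding(line_no, kind, redact(m.group(0))))
        m = ASSIGNMENT.search(line)
        if m:
            value = m.group(2)
            already = any(f.line_no == line_no for f in findings)
            # Short or low-entropy values (e.g. placeholders) are left alone;
            # a human-chosen weak password is a different finding class.
            if not already and shannon_entropy(value) >= entropy_threshold:
                findings.append(Finding(line_no, "high_entropy_credential", redact(value)))
    return findings


# Constructed sample artifact: the AWS key is the documented AWS example value.
SAMPLE_CONFIG = """\
# constructed sample, not a real artifact
db_host = db.internal
db_password = "s3cr3t!"
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
api_key = "fq9Xz2vLp8Qm4Rt7Wb1Yc6Nh3Kd0Jg5S"
log_level = debug
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.kind} {f.snippet}")
```

Running it on the sample flags the AWS key, the high-entropy API key and the private-key header, and deliberately leaves the short `db_password` alone: the entropy threshold is a tunable, and in practice the scanner runs over the extracted release artifact (binaries, containers, installers) rather than source, since secrets baked in at build time never appear in the repository.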

Not all SBOMs Are the Same. Choose Wisely!
Software Bills of Materials (SBOMs) are top of mind for most organizations, with 78% of them expecting to produce or consume SBOMs[1]. This is not surprising, as the visibility provided by a comprehensive SBOM makes it easier to answer questions such as: “What’s the minimum number of libraries we must ...

Expanding Security Visibility To Reduce Software Supply Chain Risk
No doubt about it, the way malicious actors attack their targets through software is changing. The attack pattern we’re familiar with is fairly direct. Someone finds a vulnerability in deployed software. Malicious actors develop malware to exploit the weakness. They then find a way to reach the deployed software within target ...

3 Reasons for Appsec Folks to be Excited About ReversingLabs
While attacks on software supply chains aren’t new, the intense focus of malicious actors on tampering with trusted applications demands an extension of existing application security programs to identify and address a growing set of indicators of compromise. Minimizing the risk of future supply chain attacks requires us to improve ...