Federal CI/CD security guidance: Been there, done that

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) are telling development organizations to tighten up the security of their development pipelines or face the risk of damaging software supply chain attacks.
CISA SBOM-a-rama tackles challenges: 5 key takeaways

“The devil is in the details,” as the saying goes. Nowhere is that more true than in the looming requirement that software makers implement software bills of materials (SBOMs), which provide a list of ingredients for software and services ...
Self-attestation: What software teams need to know

Software companies supplying the U.S. federal government must begin attesting to the security of critical software by June 11 — and more deadlines for attesting to the security of a wider range of software are approaching in the months ahead ...
Q&A with ReversingLabs COO Peter Doggart: With software supply chain security, 'your brand is at stake'

On May 23rd, ReversingLabs announced that Peter Doggart was appointed as the company’s new Chief Operating Officer. Doggart, an Operating Partner at Crosspoint Capital, will head up the sales, marketing, business development and customer success organizations at ReversingLabs ...
Red teaming a country: Lessons learned from Sakura Samurai's Indian government hack investigation

In the midst of the COVID-19 pandemic, John Jackson was looking for ways to stay busy. Jackson is a renowned offensive security consultant and the founder of Sakura Samurai, a (now defunct) hacking crew that gained notoriety for plumbing the security of high profile business and consumer applications.
What’s behind SBOM skepticism? One word: Fear

If there’s a poster child for the increased focus and attention on the security of software supply chains, it is the SBOM, or Software Bill of Materials. SBOMs are a critical component for operationalizing software supply chain security. Practically, SBOMs act like a list of ingredients for the software that ...
RSAC in review: Supply chain security, cyber war and AI

More than three years after the COVID pandemic threw the global economy — not to mention the technology conference business — on its ear, the RSA Security Conference was back in full force this year, with attendance and a theme, Stronger Together, that celebrated the diversity of the information security ...
The rise of malware in the software supply chain – and what to do about it

The fast-evolving story of the compromise of voice over IP (VoIP) provider 3CX has refocused attention on the threat that software supply chain compromises pose. State-sponsored hackers tampered with 3CX’s desktop client, compromising the company’s Windows and macOS build environments, and added a backdoor to the desktop client’s code. The ...
The 3CX attack gets wilder, marks first 'cascading software supply chain compromise'

Security firm Mandiant Consulting released a report Wednesday that traced the breach at 3CX back to yet another supply chain-compromised application: X-Trader, a derivatives trading software application manufactured by the firm Trading Technologies ...
Companies scramble to cover software supply chain security gaps: 3 key survey takeaways

The cyber risks posed by vulnerable internal, open-source and third-party software that make up a modern supply chain are a source of intense concern for both development teams and security operations centers within enterprises, according to a recent Dimensional Research survey of more than 321 IT professionals commissioned by ...