Open Source and Software Supply Chain Risks Archives

A ballet dancer sitting with her head in her hands

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

Richi Jennings | July 5, 2024 | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity

Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...

Security Boulevard

‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE

Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...

Security Boulevard

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...

Security Boulevard

A penguin, running towards us, beak wide open and screaming

Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi

Richi Jennings | February 8, 2024 | BIOS, CVE-2023-40547, Enterprise Linux and Open Source, Linux, open source, Open Source and Software Supply Chain Risks, open source code, Open Source Community, open source components, open source development, Open Source Ecosystem, SB Blogwatch, secure boot, shim, UEFI, UEFI Failing, UEFI vulnerabilities

Snow joke: A Microsoft researcher found it—and it’s somehow Microsoft’s fault ...

Security Boulevard

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug

WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...

Security Boulevard

Black Duck audits reporting update: Streamlined view of risks and remediation steps

Emmanuel Tournier | September 7, 2023 | M&A and OSS license compliance, Mergers and acquisitions due diligence, Open Source and Software Supply Chain Risks, Open source license compliance

New Synopsys Black Duck® engagement summary report summarizes a breadth of insights across all domains of software due diligence. Introducing the new engagement summary report Synopsys is offering a new Black Duck® ...

Application Security Blog

The parallels of AI and open source in software development

Phil Odence | August 25, 2023 | M&A and OSS license compliance, Mergers and acquisitions due diligence, Open Source and Software Supply Chain Risks, Open source license compliance

Parallels between the history of open source and the rise of AI in software development can teach us valuable AppSec lessons ...

Application Security Blog

The rise of AI in software development

Phil Odence | August 11, 2023 | M&A and OSS license compliance, Mergers and acquisitions due diligence, Open Source and Software Supply Chain Risks, Open source license compliance

Generative artificial intelligence tools are changing the world and the software development landscape significantly. Our webinar series will help you understand how ...

Application Security Blog

Why nontechnical organizations need due diligence

Don Mulrenan | July 14, 2023 | M&A and OSS license compliance, Mergers and acquisitions due diligence, Open Source and Software Supply Chain Risks, Open source license compliance

Software impacts tech and nontech businesses alike, which is why a strategic acquirer or PE firm always needs due diligence. ...

Application Security Blog

Defending against malicious packages in the npm ecosystem and beyond

Fred Bals | June 30, 2023 | Managing security risks, Open Source and Software Supply Chain Risks, Software Composition Analysis

Learn how to shield your organization from the danger of malicious packages in the npm ecosystem and beyond. ...

Application Security Blog

Open Source and Software Supply Chain Risks

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On