software supply chain hygiene Archives

A ballet dancer sitting with her head in her hands

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

Richi Jennings | July 5, 2024 | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity

Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...

Security Boulevard

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...

Security Boulevard

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...

Security Boulevard

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug

WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...

Security Boulevard

Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

Mike Hoskins | March 4, 2020 | Community Product, FEATURED, Industry commentary, News and Views, Nexus Repository OSS, npm, PyPI, software supply chain hygiene

If you've been immersed in the Node.js/JavaScript community for awhile, or even if you are just getting started, you are likely using npm audit to scan package dependencies in your projects. It's ...

Sonatype Blog

Gartner: You Must Assess Overall Software Health and Welfare

Katie McCaskey | February 24, 2020 | 2019 State of the Software Supply Chain Report, FEATURED, Gartner, Industry commentary, News and Views, Product, software supply chain hygiene

Gartner’s recent report Technology Insight for Software Composition Analysis, makes four open-source security recommendations that companies should think about when determining what type of software composition analysis program they want to have ...

Sonatype Blog

Nexus Lifecycle Now Integrates with Azure DevOps to Secure Software Supply Chains in the Cloud

Michelle Dufty | October 11, 2019 | azure, Cloud, DevOps in the Cloud, FEATURED, Nexus Lifecycle, open source software supply chain, Product, software supply chain hygiene

As more and more software development teams move to the cloud, it is now more important than ever to ensure that only the best open source components make it into a final ...

Sonatype Blog

software supply chain hygiene

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On