Software supply chain security reality check: Practitioners reveal growing concern

Dimensional Research recently polled more than 300 technology professionals in the United States and Europe on the state of software supply chain security. The survey, sponsored by ReversingLabs, revealed growing alarm from teams ...
SLSA 1.0 delivers build provenance: What application security teams need to know

The latest version of the Supply-chain Levels for Software Artifacts (SLSA) framework for improving software supply chain security offers several improvements over the previous version, including better provenance guidelines and a system ...
The 3CX attack gets wilder, marks first 'cascading software supply chain compromise'

Security firm Mandiant Consulting released a report Wednesday that traced the breach at 3CX back to yet another supply chain-compromised application: X-Trader, a derivatives trading software application manufactured by the firm Trading ...
6 reasons app sec teams should shift gears and go beyond legacy vulnerabilities

With software supply chain attacks surging, dev and application security teams should shift gears from legacy vulnerabilities to open-source repos, DevOps tools, and software tampering ...
Survey finds software supply chain security top of mind for dev teams — but tampering detection lags

A survey of more than 300 technology professionals found widespread concern about supply chain attacks, but only sporadic efforts to detect such attacks ...