Protecting the software supply chain [Q&A]


As developers come under increasing pressure to deliver projects quickly, there's a rising level of conflict between development and security teams. And attackers are taking advantage of this conflict in order to target software supply chains.
So, what kind of threats do enterprises face and what can they do to protect themselves? We spoke to Pete Morgan, co-founder and CSO of supply chain security company Phylum to find out.
Over 98 percent of organizations have misconfigured clouds


According to a new report, 98.6 percent of organizations have concerning misconfigurations in their cloud environments that can cause critical risks to their data and infrastructure.
The research from Zscaler finds that cloud misconfiguration errors related to public access to storage buckets, account permissions, password storage and management, and more have led to the exposure of billions of records.
New cloud platform aims to improve supply chain management


A new platform from Sonatype is designed to make it easier for developer and security teams to unite and build innovative software securely.
It delivers an Application Security Testing (AST) and Software Composition Analysis (SCA) tool that offers cloud, self-hosted, and disconnected deployment options -- giving control and flexibility to its customers.
Platform engineering, SBOMs and off-the-shelf solutions -- development predictions for 2023

67 percent of UK IT decision makers are concerned about supply chain issues


A new survey of UK IT decision makers from cybersecurity company WithSecure looks at global supply chain issues, with 67 percent of respondents believing that these issues will either remain the same (28 percent) or get worse (39 percent) within the next year.
As issues around inflation and supply shortages remain high in the news agenda, 43 percent believe they are very knowledgeable in their understanding of supply chain issues. However, few are confident of quick fixes to these global issues, and 60 percent of respondents believe that they will last for two years or more.
Why SBOMs are key to securing the software supply chain [Q&A]


Attacks on the software supply chain have become more common in recent years. Part of the key to tackling them lies in understanding what components are in your software and where they originate.
This is why the software bill of materials (SBOM) has become a vital tool for organizations seeking to secure their software. We spoke to Alex Rybak, senior director, product management at Revenera to learn more about SBOMs and what advantages they offer.
Resiliency through visibility: Why supply chain disruption needs to be tackled by a holistic approach


A host of 'black swan' events have hit companies' supply chains over the past two years, straining existing processes and structures. Beyond the obvious impact of COVID-19, the Suez Canal blockage, chip shortages and Brexit, organizations are now trying to mitigate disruptions from the war in Ukraine and rising inflation.
The end result: a stronger need than ever before to enhance levels of communication, collaboration and joint decision making across the supply chain, to reduce risk in the face of challenges still to come.
Google open source project aims to boost supply chain security


Software supply chain security is at the top of a lot of agendas at the moment, more so since the Log4j vulnerability was discovered and since the US Executive Order on cybersecurity.
Google is seeking contributors to a new open source project called GUAC (Graph for Understanding Artifact Composition), which, although still in its early stages, is poised to change how the industry understands software supply chains.
Wolfi Linux is designed to safeguard the software supply chain


The desire for software supply chain integrity and transparency has left many organizations struggling to build software security measures like signatures, provenance, and SBOMs into legacy systems and existing Linux distributions.
This has prompted Chainguard to produce Wolfi, a new Linux '(un)distribution' and build toolchain that's been designed from the ground up to produce container images that meet the requirements of a secure software supply chain.
Firms act to beef up software supply chain security


New data reveals a significant increase in activities to secure open source components and integrate security into developer toolchains in order to protect the software supply chain.
The 13th edition of the Building Security In Maturity Model (BSIMM) report from Synopsys analyzes the software security practices of 130 organizations -- including Adobe, PayPal and Lenovo -- in their efforts to secure more than 145,000 applications built and maintained by nearly 410,000 developers.
Supply chain issues lead to mobile app vulnerabilities


A new study from Symantec's Threat Hunter team looks at how upstream supply chain issues can make their way into mobile apps, making them vulnerable.
Issues identified include mobile app developers unknowingly using vulnerable external software libraries and SDKs, as well as companies outsourcing the development of their mobile apps then ending up with vulnerabilities that put them at risk.
Supply chains cybersecurity risks: Closing the protection gap


Supply chain attacks have been on the threat radar of many organizations and their security teams for several years. However, since the infamous SolarWinds attack in 2020 -- which led to widespread and damaging compromises of data, networks and systems -- the supply chain attack vector has taken on a new level of focus. Indeed, supply chain attacks have become an effective way for hackers to gain access to IT networks at scale and, as such, are among the most worrying cybersecurity risks facing organizations today.
Supply chain risks come in many forms -- from complex to relatively simplistic. The UK government’s Cyber Security Breaches Survey, which explores organizations’ policies, processes, and approaches to cybersecurity and is used to inform government cybersecurity policy, looked at this in its latest report. The 2022 survey reveals that just 13 percent of businesses review the risks posed by their immediate suppliers, with that number dropping to 7 percent for their wider supply chain. Possibly even more concerning, many organizations commonly perceive 'big tech' companies to be "invulnerable to cyber attacks".
Log4j and why it's not safe to relax yet [Q&A]


The Log4j vulnerability first hit the headlines in December last year. Since then we've heard less about it, but it hasn't gone away; like most vulnerabilities, it has a long tail.
A recent report from the Cybersecurity Safety Review Board takes a comprehensive look at the vulnerability and what can be learned from it.
More than half of enterprises worried about supply chain risks


Software supply chain risk has become mainstream, with 52 percent of respondents to a new survey being concerned about it.
The study from cybersecurity company Coalfire also finds that 50 percent of boards of directors at software-buying companies are raising concerns, which means that responsibility for software supply chain risk is no longer confined to technical teams.
Supply chain delays leave enterprises at risk


Continuing global supply chain disruption caused by the pandemic and the war in Ukraine is putting enterprises at increased risk from things like ransomware attacks, according to new research from Citrix.
The survey of 200 UK IT decision makers carried out by OnePoll finds 80 percent of security leaders believe that supply chain issues or delays have put their organization at increased risk from ransomware -- for example, by being unable to replace unsupported hardware.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.