UK Public sector at risk from supply chain attacks, new report warns
UK public sector organizations are highly vulnerable to cyberattacks due to limited visibility into their software supply chains.

Report: High Risks to Software Supply Chains are Commonplace - DevOps.com
95% of organizations have critical risks in their software supply chain.

AI is making the software supply chain more perilous than ever
The JFrog report highlights security risks in the software supply chain, detailing threats from vulnerabilities, malicious packages, exposed secrets, and human error.

SBOM as a Cornerstone of Secure Software Development - DevOps.com
SBOMs enhance software security by providing transparency and traceability of all components within software applications.

Sonatype Report Surfaces Software Supply Chain Security Challenges - DevOps.com
There has been a 156% increase in malicious open source packages, indicating significant risk for developers.

U.S. is the top generator of anonymous open source contributions
The U.S. and Russia are the biggest contributors to open source projects, which carry significant vulnerabilities.
AI in software development: Looking beyond code generation - Developer Tech News
AI will drive efficiency and ROI in software development, with a focus on embedding AI in engineering processes.

OpenSSF Defines Baseline for Securing Open Source Software - DevOps.com
OpenSSF's OSPS Baseline aims to enhance security for small open source teams. It provides attainable security practices based on established standards.

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads
A malicious Python library on PyPI allows unauthorized music downloads from Deezer, posing risks to users and violating Deezer's terms.

Security leaders weigh in on Biden's new cybersecurity executive order
The Biden Administration's new cyber executive order aims to strengthen national cybersecurity across various critical areas.

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware
Cybersecurity researchers have found malicious Python packages targeting developers disguised as coding assessments, part of an ongoing campaign linked to the Lazarus Group.

Open source malware surged by 156% in 2024
The rise of open source malware presents significant risks to software supply chains, with a staggering increase in malicious packages identified.

Lazarus Group infiltrates supply chain with stealthy malware
North Korea's Lazarus Group has launched a new malware campaign targeting cryptocurrency wallets and software supply chains.
JFrog makes big splash on Nvidia lilypad
JFrog integrates with Nvidia to enhance AI capabilities and improve software supply chain security for ML models.

Lineaje Adds Module to Manage Open Source Software Security Lifecycle - DevOps.com
Lineaje's Open Source Manager (OSM) with AI helps prioritize remediation efforts for DevOps teams.

GitLab devsecops survey finds progress, new priorities
Organizations prioritize investments in AI, security, and automation, focusing on software supply chain security.
Cloudsmith raises $23M to improve software supply chain security | TechCrunch
Cloudsmith aims to improve software supply chain security by providing a robust artifact management platform.

OpenText Allies With Secure Code Warrior to Improve Application Security - DevOps.com
OpenText and Secure Code Warrior simplify learning for developers on DevSecOps best practices and streamline security training access.

Endor Labs Adds Analytics and Patching Tools to Secure Open Source Software - DevOps.com
Endor Labs introduced analytics to assess challenges in upgrading open source packages, aiding DevSecOps in making informed decisions.
Socket lands a fresh $40M to scan software for security flaws | TechCrunch
The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.

Stacklok donates its Minder supply chain security project to the OpenSSF | TechCrunch
Stacklok donates Minder to OpenSSF, aiming to enhance open-source security through proactive checks and policies combined with cryptographic signing.
Meta Measures Developer Productivity via Software Supply Chains
Developer productivity should focus on impact rather than speed or quantity of code. A holistic approach can better measure productivity through the software supply chain.

Study highlights secure software supply chain best practices | Computer Weekly
IT decision-makers prioritize improving software supply chain security in response to rising concerns about supply chain attacks.

GitHub Artifact Attestations now generally available
Artifact Attestations ensure integrity of artifacts in GitHub Actions by linking them to source code and build instructions.

Software Supply Chain Security with Phylum
The article discusses the importance of ensuring security in software supply chains, with insights from an industry expert.

GitHub's 2FA rollout boosts supply chain security
GitHub implemented mandatory 2FA for code contributors to enhance software supply chain security.