NIST’s NVD has encountered a problem

Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who reg…

CISOs vs. developers: A battle over security priorities

A majority of both developers and CISOs view software supply chain security as a top priority in their roles (70% and 52% respectively), according to Chainguard. However, there is a clear disconnect and even some distrust between CISOs and developers r…

Supply Chain Startup Chainguard Scores $61 Million Series B

Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies.
The post Supply Chain Startup Chainguard Scores $61 Million Series B appeared first on SecurityWeek.

Unraveling the importance of software supply chain security

The software supply chain encompasses the entire lifecycle of a software product, from its conception and development to its distribution and deployment. It involves a complex network of suppliers, vendors, developers, integrators, and users, making it…

Wolfi Linux provides the control needed to fix modern supply chain threats

There’s been a massive push for supply chain security in the last few years: integrity protection, vulnerability management, and transparency. This push has left organizations struggling to secure their pipelines and manage vulnerabilities, espec…

Wolfi: A Linux undistro with security measures for the software supply chain

Wolfi is a new community Linux undistribution that combines the best aspects of existing container base images with default security measures that will include software signatures powered by Sigstore, provenance, and software bills of material (SBOM). …

Government guide for supply chain security: The good, the bad and the ugly

Just as developers and security teams were getting ready to take a breather and fire up the BBQ for the holiday weekend, the U.S.’s most prestigious security agencies (NSA, CISA, and ODNI) dropped a 60+ page recommended practice guide, Securing the Sof…

Sigstore: Signature verification for protection against supply chain attacks

Software supply chain attacks have been increasing over the past few years, spurring the Biden administration to release an executive order detailing what government agencies are supposed to do to protect themselves against them. These attacks consist …

New infosec products of the week: April 29, 2022

Here’s a look at the most interesting products from the past week, featuring releases from Akamai, Alert Logic, BreachBits, Kudelski Security, ThreatX, and Workato. Alert Logic Intelligent Response minimizes the impact of a security breach. Alert Logic …