Top 10 Security, Operational Risks From Open Source Code

Endor Labs has introduced an OWASP-style listing of the most important or impactful risks inherent in the use of open source software (OSS).

The post Top 10 Security, Operational Risks From Open Source Code appeared first on SecurityWeek.

Cyber Insights 2023 | Supply Chain Security

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be remediated.

The post Cyber Insights 2023 | Supply Chain Security appeared first on SecurityWeek.

OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings

Chainguard has published the OpenVEX specification to help software vendors and maintainers communicate precise metadata about the vulnerability status of their products.

The post OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings appeared first on SecurityWeek.

Gartner: Mitigate Risk By Hardening the Software Supply Chain

When molten steel is immersed in water it transforms into one of the world’s strongest materials. A resilient software supply chain is no different. Hardened steel requires combining alloys; a hardened software supply chain requires combinin…

Why You Need a Software Bill of Materials More Than Ever

Imagine that a new vulnerability in lodash was just announced. Applications using the npm package are being exploited through large scale automated DoS attacks. You need to act quickly to understand if your organization’s systems are at risk…