secure software supply chain
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Richi Jennings | | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
Secure Software Development Attestation Form: Sonatype helps you comply
Ilkka Turunen | | CISA best practices, FEATURED, Federal, government, News and Views, secure software supply chain
On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) unveiled the final version of the Secure Software Development Attestation Form. This pivotal ...
Securing software development with Sonatype Air-Gapped Environment (SAGE)
Developers everywhere build modern applications from reusable pieces of code downloaded from repositories such as Maven Central ...
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings | | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
Open source risk management: Safeguarding software integrity
Aaron Linskens | | licenses, open source risk management, secure software supply chain, Sonatype Lifecycle, Vulnerabilities
In the constantly shifting terrain of software supply chains, open source software (OSS) fulfills a dual mandate, propelling innovation forward and serving as the cornerstone of operational efficiency ...
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug
Richi Jennings | | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
A guide for open source software (OSS) security
Aaron Linskens | | DevZone, open source, secure software supply chain, software supply chain automation, Sonatype Lifecycle, Sonatype Repository Firewall
When you search for a dependable open source software (OSS) component to integrate into your software supply chain, evaluation of the component’s security emerges as a critical task. This involves not only ...
Cyber Resilience Act: The Future of Software in the European Union
Aaron Linskens | | EU Cyber Resilience Act, News and Views, open source, Open source governances, secure software supply chain
Representatives of member states of the European Union (EU) reached a common agreement yesterday regarding the proposed Cyber Resilience Act (CRA) ...