software supply chain
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Richi Jennings | Tags: code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
How to safeguard your software supply chain
Software vulnerabilities can lead to catastrophic cyberattacks, so understanding the intricacies of your software supply chain has never been more critical ...
What are SBOM standards and formats?
The growing importance of software bills of materials (SBOMs) marks a significant shift towards better transparency and security in software management ...
Embracing the AI revolution: Navigating the impact on developers
Aaron Linskens | Tags: Artificial Intelligence, dependencies, News and Views, Report/Survey/Whitepaper releases, software supply chain
In the wake of transformative advancements in generative artificial intelligence (AI) and machine learning (ML), the landscape of software development is undergoing a significant shift ...
What are the elements of an SBOM?
A software bill of materials (SBOM) is not just a list, but a detailed inventory that captures the components and dependencies contained within a piece of software ...
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings | Tags: Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
The curious case of ‘csrf-magic’: A case study in supply chain poisoning
Back in the day, Ivanti disclosed CVE-2021-44529, a critical "code injection" vulnerability in its EPM Cloud Services Appliance (CSA) product ...
Sonatype Unveils State-of-the-Art Artificial Intelligence Component Detection
Crystal Derakhshan | Tags: Artificial Intelligence, FEATURED, open-source-software, Product, software supply chain
In the rapidly evolving world of software development, the adoption of artificial intelligence (AI) and machine learning (ML) is no longer just a trend—it's a revolution ...
Why SBOMs are essential for every organization
In the complicated balancing act of rapid software development and robust cybersecurity, software bills of materials (SBOMs) serve a valuable function to help secure the intricate and vast systems that constitute software ...
Mastering SBOMs: Demonstrations
In our recent webinar, Mastering SBOMs: Demonstrations, speakers including Ilkka Turunen (Field CTO, Sonatype), Robert Haas (Global DevSecOps Product Manager, DXC Technology), and Marc Luescher (Solution Architect, AWS) highlighted real-world applications of ...