Dependency mapping: A beginner's guide

Organizations everywhere use open source to expedite development, lower costs, and improve performance. Our annual State of the Software Supply Chain reports consistently reaffirm that open source comprises up to 90% of ...
How manufacturing best practices can improve open source consumption and software supply chains

The biggest problem facing software organizations today is an inability to track, monitor, and improve the usage of open source software. This isn’t about security alone. From DevOps to DevSecOps, there are ...
Unlocking the power of generative AI in software development: Insights from Sonatype's survey

Over the past year, generative artificial intelligence (AI) rapidly emerged as a game-changing technology, similar to the disruptive force of cloud computing in the 2000s. As often happens during the initial phases ...

What Can Happen If You Don’t Address Software Supply Chain Security Issues?

By now we know that software supply chain security issues are plentiful. And perhaps you’ve (wisely) decided that it’s a good idea to secure your software supply chain…you just haven’t gotten around ...

Products for Software Supply Chain Security

As CISOs and CSOs craft or broaden their software supply chain security programs, they will be faced with an overwhelming number of tools in a variety of categories. Even with product consolidation, ...

Google Cloud Build Flaw Could Enable Supply Chain Attacks

Bad actors could exploit a design flaw, called Bad.Build, in Google Cloud Build to escalate privileges and gain access to Google Artifact Registry code repositories ...
Security Boulevard

Getting started with the Secure Software Development Framework (SSDF)

In today’s software-driven world, it’s crucial to ensure the security of software during development. Yet many software development life cycle (SDLC) models lack specific emphasis on software security, requiring the addition of ...

ChatGPT Provides Limited Help Identifying Malware

Current LLM-based tools such as ChatGPT accurately classify malware risk in only 5% of cases, and they may never be able to recognize novel approaches used to create malware ...
Security Boulevard