#software-supply-chain

[ follow ]
#security
more#security
#cybersecurity
Software development
fromDevOps.com
4 months ago

OpenSSF Defines Baseline for Securing Open Source Software - DevOps.com

OpenSSF's OSPS Baseline aims to enhance security for small open source teams.
It provides attainable security practices based on established standards.
Information security
fromThe Hacker News
4 months ago

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

A malicious Python library on PyPI allows unauthorized music downloads from Deezer, posing risks to users and violating Deezer's terms.
Information security
fromThe Hacker News
7 months ago

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

A software supply chain attack on npm packages has persisted for over a year, embedding malware that steals data and mines cryptocurrency.
Artificial intelligence
fromWIRED
2 months ago

AI Code Hallucinations Increase the Risk of 'Package Confusion' Attacks

AI-generated code often references non-existent third-party libraries, posing risks for supply-chain attacks.
Information security
fromSecuritymagazine
9 months ago

Combating cyber threats with zero trust and supply chain security

The cyber threat landscape is increasingly complex, necessitating a zero-trust security approach and strong identity management to mitigate risks.
Software development
fromDevOps.com
4 months ago

OpenSSF Defines Baseline for Securing Open Source Software - DevOps.com

OpenSSF's OSPS Baseline aims to enhance security for small open source teams.
It provides attainable security practices based on established standards.
Information security
fromThe Hacker News
4 months ago

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

A malicious Python library on PyPI allows unauthorized music downloads from Deezer, posing risks to users and violating Deezer's terms.
Information security
fromThe Hacker News
7 months ago

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

A software supply chain attack on npm packages has persisted for over a year, embedding malware that steals data and mines cryptocurrency.
Artificial intelligence
fromWIRED
2 months ago

AI Code Hallucinations Increase the Risk of 'Package Confusion' Attacks

AI-generated code often references non-existent third-party libraries, posing risks for supply-chain attacks.
Information security
fromSecuritymagazine
9 months ago

Combating cyber threats with zero trust and supply chain security

The cyber threat landscape is increasingly complex, necessitating a zero-trust security approach and strong identity management to mitigate risks.
more#cybersecurity
#jfrog
fromDevOps.com
1 month ago
Artificial intelligence

JFrog Extends Alliance With NVIDIA to Secure AI Software Supply Chain - DevOps.com

fromDevOps.com
1 month ago
Artificial intelligence

JFrog Extends Alliance With NVIDIA to Secure AI Software Supply Chain - DevOps.com

more#jfrog
fromInfoQ
2 months ago

Docker Introduces Hardened Images to Strengthen Container Security

Docker's Hardened Images, which are security-hardened container images, aim to simplify the secure deployment of containers and protect against software supply chain threats.
DevOps
#vulnerabilities
Information security
fromTechzine Global
3 months ago

AI is making the software supply chain more perilous than ever

The JFrog report highlights security risks in the software supply chain, detailing threats from vulnerabilities, malicious packages, exposed secrets, and human error.
Information security
fromTechzine Global
3 months ago

AI is making the software supply chain more perilous than ever

The JFrog report highlights security risks in the software supply chain, detailing threats from vulnerabilities, malicious packages, exposed secrets, and human error.
more#vulnerabilities
Tech industry
fromTechCrunch
4 months ago

Cloudsmith raises $23M to improve software supply chain security | TechCrunch

Cloudsmith aims to improve software supply chain security by providing a robust artifact management platform.
#devsecops
fromDevOps.com
7 months ago
Information security

OpenText Allies With Secure Code Warrior to Improve Application Security - DevOps.com

fromDevOps.com
11 months ago
Information security

Endor Labs Adds Analytics and Patching Tools to Secure Open Source Software - DevOps.com

fromDevOps.com
7 months ago
Information security

OpenText Allies With Secure Code Warrior to Improve Application Security - DevOps.com

fromDevOps.com
11 months ago
Information security

Endor Labs Adds Analytics and Patching Tools to Secure Open Source Software - DevOps.com

more#devsecops
Information security
fromTechCrunch
9 months ago

Socket lands a fresh $40M to scan software for security flaws | TechCrunch

The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.
fromComputerWeekly.com
10 months ago

Study highlights secure software supply chain best practices | Computer Weekly

The 2024 edition of Suse's Securing the cloud report highlights that 94% of IT decision-makers intend to review their software supply chain, aiming to mitigate security risks.
Information security
[ Load more ]