On September 8th, the Node.js ecosystem was hit by one of the most widespread supply chain attacks ever reported. A malicious actor poisoned numerous npm packages, compromising thousands of developers and organizations. This incident is another stark reminder: your software supply chain is only as secure as its weakest dependency. Why This Matters Modern applications…
Vulnerability Management
Industry News
Fidelity says data breach exposed personal data of 77,000 customers
Internet Archive hacked, data breach impacts 31 million users
Water supplier American Water Works says systems hacked
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
SEC Charges SolarWinds and CISO with Fraud, Internal Control Failures
SBOM Adoption Guide: Part 3 – How to Ingest and Manage SBOMs at Scale
Overview and Introduction Welcome to the third installment of the “Care and Feeding of SBOMs” series! Our first article, SBOM Adoption at Scale: Burden or Opportunity?, outlined the strategic importance of Software Bills of Materials (SBOMs). The second, How to Build SBOMs at Scale, dove into the practicalities of generating accurate SBOMs for your organization’s…
SBOM Adoption Guide: Part 2 – How to Build SBOMs at Scale
Summary and Background This is the second installment in the Care and Feeding of SBOMs series. The inaugural article, SBOM Adoption at Scale: Burden or Opportunity?, introduced the role and impact that Software Bills of Materials (SBOMs) play across development, enterprise, and regulatory application stakeholders. For a more literal SBOM definition, check out SBOM 101:…
DevSecOps Roadmap Part 4: Link SBOMs with External References
This is the fourth and final post in our series on managing SBOMs at scale, where we’ll dive into the intricacies of creating, managing, and ingesting complex dependent SBOMs. If you haven’t read it yet, check out our first three posts “DevSecOps Roadmap: Do I Really Need SBOMs?”, “DevSecOps Roadmap: Generating SBOMs”, and “DevSecOps Roadmap:…
DevSecOps Roadmap Part 3: Ingest, Manage, and Monitor SBOMs
This is the third post in our series on managing SBOMs at scale, where we’ll dive into how to ingest, manage and monitor SBOMs that you receive. If you haven’t read them yet, check out our first two posts “DevSecOps Roadmap: Do I Really Need SBOMs?” and “DevSecOps Roadmap: Generating SBOMs”. In previous posts we…
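The Part 3 excerpt above (like the "Ingest and Manage SBOMs at Scale" excerpt earlier on this page) describes ingesting, managing, and monitoring SBOMs you receive. As an added example that is not part of either series, here is the shape such an ingest step usually takes: parse CycloneDX JSON documents, key every component by its package URL (purl) so the same library reported by many teams collapses to one entry, record which applications ship it, and join that inverted index with an advisory feed. The two SBOMs, the application names, and the advisory identifier `EXAMPLE-ADV-0001` are constructed for illustration and are not real projects or real CVEs.

```python
"""Ingest CycloneDX JSON SBOMs into a component index and monitor it against advisories.

Added example for this page; the SBOMs and the advisory entry below are constructed
for illustration and do not come from the series or from any real project.
"""
import json
from collections import defaultdict

# Constructed CycloneDX 1.5 documents for two hypothetical services.
SBOM_A = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "metadata": {"component": {"type": "application", "name": "billing-api", "version": "2.3.0"}},
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.20",
         "purl": "pkg:npm/lodash@4.17.20"},
        {"type": "library", "name": "express", "version": "4.18.2",
         "purl": "pkg:npm/express@4.18.2"},
    ],
})
SBOM_B = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "metadata": {"component": {"type": "application", "name": "reports-worker", "version": "1.0.4"}},
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.20",
         "purl": "pkg:npm/lodash@4.17.20"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        # Components without a purl are common in real SBOMs; we fall back to a synthetic key.
        {"type": "library", "name": "internal-utils", "version": "0.9.1"},
    ],
})

# Constructed advisory feed: purl -> advisory id. Hypothetical identifier, not a real CVE.
ADVISORIES = {"pkg:npm/lodash@4.17.20": "EXAMPLE-ADV-0001"}


def component_key(comp):
    """Canonical key for a component: its purl when present, else a synthetic fallback."""
    if comp.get("purl"):
        return comp["purl"]
    return f"unknown:{comp.get('name', '?')}@{comp.get('version', '?')}"


def ingest_sbom(sbom_text, index):
    """Parse one CycloneDX JSON SBOM and add its components to a shared index.

    index maps component key -> set of (application name, version) that ship it, which is
    the lookup monitoring needs: "who ships X?" rather than "what is in Y?".
    Returns the number of components ingested; raises ValueError on a non-CycloneDX document.
    """
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError(f"unsupported bomFormat: {doc.get('bomFormat')!r}")
    root = doc.get("metadata", {}).get("component", {})
    owner = (root.get("name", "<unnamed>"), root.get("version", "<unversioned>"))
    count = 0
    for comp in doc.get("components", []):
        index[component_key(comp)].add(owner)
        count += 1
    return count


def build_index(sboms):
    """Ingest several SBOMs into one index; a shared component appears once with many owners."""
    index = defaultdict(set)
    for text in sboms:
        ingest_sbom(text, index)
    return index


def match_advisories(index, advisories):
    """Join the component index with an advisory feed. Returns sorted (advisory, purl, owner) rows."""
    hits = []
    for purl, advisory in advisories.items():
        for owner in index.get(purl, ()):
            hits.append((advisory, purl, owner))
    return sorted(hits)


if __name__ == "__main__":
    idx = build_index([SBOM_A, SBOM_B])
    print(f"{len(idx)} distinct components across 2 SBOMs")
    for advisory, purl, (app, ver) in match_advisories(idx, ADVISORIES):
        print(f"{advisory}: {purl} shipped by {app} {ver}")
```

Keying on purl rather than on the free-text name and version is what makes the index usable at scale: the same library reported by two teams becomes one entry with two owners, and a new advisory is answered by one dictionary lookup instead of a scan of every stored document. Components that arrive without a purl still get stored, under a clearly marked fallback key, so they can be reported as a data-quality gap rather than silently dropped.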
DevSecOps Roadmap Part 2 – Generating SBOMs
This is the second post in our series on managing SBOMs at scale, where we’ll dive into defining goals around SBOM generation in order to determine which type of SBOM to generate, when and how to generate it, and where you might store SBOMs. If you haven’t read it yet, check out our first post “DevSecOps…
DevSecOps Roadmap Part 1 – Do I Really Need SBOMs?
This is the first in our series on SBOMs, where we’ll dive into: Much of this series will focus on high level processes and ideal practices, and less so on the actual implementation details, so if you’re looking for those check out the last post in the series here. If you need a refresher on…
DataTech Software Security: Protecting the Data That Powers Business
Nearly every business today relies on vast amounts of data to run. Data Technology companies, or DataTech for short, are at the center of it all. They’re the logging platforms, data aggregators, integration tools, and visualization dashboards businesses use to clean up and make sense of raw data. Given how valuable it is to businesses,…
How to Manage Open Source Software Vulnerabilities Without Slowing Your Team Down
Open source software is a critical component of modern applications, but it also introduces security risks that must be managed effectively. For Software Engineering and Information Security Managers, balancing vulnerability remediation with development speed can be challenging, especially when adopting new security tools. While the initial learning curve may seem steep, refining software development processes…