Learn how you can leverage the data in a software bill of materials (SBOM) document to find vulnerabilities in API dependencies. The post Can SBOM help you attack APIs? appeared first on Dana Epp's Blog.
What utility companies need to know about software bill of materials (utilitydive.com)
David A. Wheeler, the Linux Foundation's Director of Open Source Supply Chain Security, explained that in the Orion attack the malicious code was inserted into Orion by subverting the program's build environment. This is the process in which a program is compiled from source code into the binary executable deployed by end users. In this case, the security company CrowdStrike worked out that the Sunspot malware watched the build server for build commands and silently replaced some of Orion's source code files with malware.
By entering the program before it's even properly a program, this hack makes most conventional security advice useless. For example,