vimarsana.com

Linux Foundation Software Package Data Exchange News Today : Breaking News, Live Updates & Top Stories | Vimarsana

Can SBOM help you attack APIs?

Learn how you can leverage the data in a software bill of materials (SBOM) document to find vulnerabilities in API dependencies. The post Can SBOM help you attack APIs? appeared first on Dana Epp's Blog.

SolarWinds defense: How to stop similar attacks

David A. Wheeler, the Linux Foundation's Director of Open Source Supply Chain Security, explained that in the Orion attack the malicious code was inserted into Orion by subverting the program's build environment. This is the process in which a program is compiled from source code to the binary executable program deployed by end-users. In this case, the security company CrowdStrike worked out that the Sunspot malware watched the build server for build commands and silently replaced some of Orion's source code files with malware. By entering the program before it's even properly a program, this hack makes most conventional security advice useless. For example,

© 2025 Vimarsana