Just who is running your favourite project these days?
Joseph Martins Wed 17 Feb 2021 // 20:00 UTC
Sponsored
In November 2020, the JavaScript registry npm flashed a security advisory that a library called twilio-npm harboured malicious code which could backdoor any machine it was downloaded to. Perhaps the most troubling aspect of this tale is that this was the seventh such malicious package found on npm within a month, a stark illustration of the effort that cybercriminals are making to insert themselves into the open source software supply chain.
Between February 2015 and June 2019, 216 such Next Generation Software Supply Chain Attacks were recorded, according to Sonatype’s State of the Software Supply Chain Report, 2020. From July 2019 to May 2020, the number shot up to 929. Attacks jumped 430 per cent between 2019 and 2020.
BankInfoSecurity
May 5, 2021
Compliance
Digital innovation is the ultimate source of competitiveness and value creation for almost every type of business. The universal desire for faster innovation demands efficient reuse of code, which in turn has led to a growing dependence on open source and third-party software libraries.
Download this whitepaper to learn more about:
Identifying exemplary open source suppliers;
How high performance teams manage open source software supply chains;
The trust and integrity of software supply chains;
The changing OSS landscape: Social activism and government standards.
Maintain an inventory of components
The most important open-source management practice that organizations should have is an inventory of which open-source components are used, and where, Mackey said. That's particularly important because of the way many organizations obtain their open-source components, Korren said. "Very few organizations use open source directly from GitHub. A lot of them are getting a copy of the project and putting it into an internal code repository," Tsvi Korren said.
Teams need to go into their internal code repositories and understand whether something was written from scratch or their developers incorporated an open-source project, Korren added.
Mackey advised that when taking inventory, teams should reach beyond open-source software.
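A component inventory of the kind Mackey and Korren describe can be built directly from the npm lockfiles sitting in each internal repository, which also reveals which copies were pulled from the public registry and which were copied elsewhere or vendored. The following is an added example, not code from the article or from either speaker; the lockfile contents, project names and the internal registry host are constructed for it, and it assumes the npm lockfile v2/v3 "packages" layout.

```python
import json
from collections import defaultdict
PUBLIC_REGISTRY = "https://registry.npmjs.org/"

# Constructed sample lockfiles (npm lockfile v2/v3 "packages" layout), one per
# internal project; names, versions and URLs are made up for this example.
SAMPLE_LOCKFILES = {
    "billing-api": json.dumps({"packages": {
        "": {"name": "billing-api", "version": "1.0.0"},
        "node_modules/left-pad": {"version": "1.3.0", "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz"},
        "node_modules/widget-lib": {"version": "2.1.0", "resolved": "https://npm.internal.example/widget-lib/-/widget-lib-2.1.0.tgz"},
    }}),
    "web-frontend": json.dumps({"packages": {
        "": {"name": "web-frontend", "version": "3.2.0"},
        "node_modules/left-pad": {"version": "1.1.3", "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.1.3.tgz"},
        "node_modules/widget-lib": {"version": "2.1.0"},  # no "resolved": vendored copy
    }}),
}

def package_name(path):
    # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    return path.rsplit("node_modules/", 1)[-1]

def build_inventory(lockfiles):
    # {component: {(version, source): {projects using it}}}; source is "registry",
    # "internal" (resolved from another host) or "vendored" (no resolved URL at all)
    inventory = defaultdict(lambda: defaultdict(set))
    for project, text in lockfiles.items():
        for path, meta in json.loads(text).get("packages", {}).items():
            if path == "":  # root entry is the project itself, not a dependency
                continue
            resolved = meta.get("resolved")
            if resolved is None:
                source = "vendored"
            elif resolved.startswith(PUBLIC_REGISTRY):
                source = "registry"
            else:
                source = "internal"
            inventory[package_name(path)][(meta.get("version", "?"), source)].add(project)
    return inventory

def needs_review(inventory):
    # Components with any copy not taken from the public registry, or with more
    # than one version in use: exactly what an inventory is kept to surface.
    flagged = {}
    for name, variants in inventory.items():
        versions = sorted({v for v, _ in variants})
        sources = {s for _, s in variants}
        if sources != {"registry"} or len(versions) > 1:
            flagged[name] = versions
    return flagged
```

Pointing `SAMPLE_LOCKFILES` at the real package-lock.json of each internal repository turns this into the "which component, which version, which project" list the speakers call for, with internally re-hosted and vendored copies called out for review.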
SecureWorks Corp.
Secureworks Connect to Unite 1,200 Security Professionals as Threat Actors Exploit Silos and Gaps in Industry Solutions and Software Supply Chain
Company to announce initiatives to empower the cybersecurity community to fight adversaries at scale
ATLANTA, Jan. 22, 2021 (GLOBE NEWSWIRE) Secureworks® (NASDAQ: SCWX), a software-driven security solutions leader, today announced Secureworks Connect, a global virtual event that will convene approximately 1,200 security professionals on Feb. 9, 2021, to explore the transformative effects of data sciences and security analytics software in building a proactive security posture. Notable speakers include cybersecurity expert
What are Supply Chain Attacks, and How to Guard Against Them
The three basic categories of supply chain attacks, why they’re especially devastating, and what can be done to guard against them.
Remediation of the fallout from the massive breach of SolarWinds network management tools – which affected up to 18,000 organizations – could cost companies billions.
In the breach, the attackers were able to compromise the update process of a widely used piece of SolarWinds software. In cybersecurity circles, this is referred to as a supply chain attack – an especially devastating variety of cyber aggression. By compromising just one vendor, attackers may get access to all the vendor’s customers.