Hot Topics

secure software supply chain

Navigating Australian ISM Guidelines for Software Development

Navigating Australian ISM Guidelines for Software Development

| | Compliance, Liability Regulation, secure software supply chain
In 2017, the Australian Cyber Security Centre (ACSC), a division of the Australian Signals Directorate (ASD), released the Information Security Manual (ISM). This comprehensive guide offers practical advice on safeguarding systems and ...
2024 Sonatype Blog
Securing development infrastructure: A new frontier in software supply chain security

Securing development infrastructure: A new frontier in software supply chain security

| | development infrastructure, secure software supply chain, software supply chain, Supply Chain Attacks
Software supply chains are indispensable to modern software development as they drive innovation and efficiency across industries. Yet, as vital as they are, these supply chains are also avenues for threats and ...
2024 Sonatype Blog
A ballet dancer sitting with her head in her hands

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

| | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity
Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...
Security Boulevard
A guide for open source software (OSS) security

A guide for open source software (OSS) security

| | DevZone, open source, secure software supply chain, software supply chain automation, Sonatype Lifecycle, Sonatype Repository Firewall
When you search for a dependable open source software (OSS) component to integrate into your software supply chain, evaluation of the component's security emerges as a critical task. This involves not only ...
Sonatype Blog NEW 2024
Closeup of person going “Shhh!”

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

| | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
Secure Software Development Attestation Form: Sonatype helps you comply

Secure Software Development Attestation Form: Sonatype helps you comply

| | CISA best practices, FEATURED, Federal, government, News and Views, secure software supply chain
On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) unveiled the final version of the Secure Software Development Attestation Form. This pivotal ...
Sonatype Blog
Securing software development with Sonatype Air-Gapped Environment (SAGE)

Securing software development with Sonatype Air-Gapped Environment (SAGE)

| | Federal, secure software supply chain, Security Vulnerabilities
Developers everywhere build modern applications from reusable pieces of code downloaded from repositories such as Maven Central ...
Sonatype Blog
A fork, wrapped in delicious pasta

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

| | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
Open source risk management: Safeguarding software integrity

Open source risk management: Safeguarding software integrity

| | licenses, open source risk management, secure software supply chain, Sonatype Lifecycle, Vulnerabilities
In the constantly shifting terrain of software supply chains, open source software (OSS) fulfills a dual mandate, propelling innovation forward and serving as the cornerstone of operational efficiency ...
Sonatype Blog
The Google WebP logo

Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug

| | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
Load more

Application Security Check Up