software supply chain security
That was then, this is now….Modernizing AppSec in Fast-Paced Development Environments
You are the weakest link. Hello. Ninety-one percent of organizations experienced at least one software supply chain security incident in 2023. Chances are the other 9% are riding their luck: The ...
Five Gartner Reports. Four Categories. What Does OX Security Do Anyway?
Analyst firms play an important role in the tech vendor landscape. Their reports help buyers and would-be buyers learn about vendors and their offerings. In cybersecurity, in particular, buyers use analysts’ outputs ...
Securing Artifacts: Keyless Signing with Sigstore and CI/MON
Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown how altering artifact contents can lead to significant security vulnerabilities, enabling attackers ...
What Is Application Detection and Response (ADR)?
Application detection and response (ADR) is an emerging cybersecurity category that focuses on application visibility, protection, and remediation. ADR is a comprehensive and proactive approach to application security that incorporates automation, prioritization, ...
A Top-Ten List You Don’t Want to Be On
OX Research Maps Most Common Supply Chain Vulnerabilities to Attacker TTPs For our recent threat research report, OSC&R in the Wild: A New Look at the Most Common Software Supply Chain Exposures, ...
Third-Party Trust Issues: AppSec Learns from Polyfill
By now, you’ve likely seen the LinkedIn posts, the media stories, and even some formerly-known-as “Tweets”: The latest exploit to hit front pages is the malicious use of polyfill.io, a popular library ...
Managing Transitive Vulnerabilities
Transitive vulnerabilities are developers’ most hated type of security issue, and for good reason. It’s complicated enough to monitor for and fix direct vulnerabilities throughout the software development lifecycle (SDLC). When software ...
Runtime Enforcement: Software Security After the Supply Chain Ends
Runtime enforcement is the future of software security, if we can only make it accessible to the developers that understand their applications the best ...
Press Release: OX Security and HCLSoftware Announce Strategic Partnership to Launch AppScan Supply Chain Security
New OEM Capabilities, Empower Organizations to Deliver a Modern Approach to Application Security New York, NY, and Tel Aviv, Israel – May 7, 2024 – Today, OX Security, the largest Active ...
Bridging the Gap: Uniting Development and AppSec
We recently hosted a webinar on integrating development and security functions to increase organizational resilience. Industry leaders from Repsol, SAP, Payhawk, Rakutan, Vodafone, and IQUW discussed how aligning these crucial areas enhances ...
