This complexity means numerous avenues exist for attackers, including open-source software repositories. According to GitHub, 85-97% of enterprise codebases come from open-source repositories. Npm and PyPI repositories have seen a 300% increase in attacks over the past four years. For example, IconBurst is a prime illustration of today's...
Software Supply Chain Attacks Analysis 3CX is a well-known company providing VoIP and Unified Communications products. They claim to have over 600,000 installations and 12M daily users. Undoubtedly a tempting target for bad actors. By the end of March 3CX was attacked in a sophisticated software supply...
However, the software supply chain has become an increasingly popular target for cybercriminals seeking to infiltrate software and compromise its security. One of the methods used by attackers to achieve this is code tampering, which is the process of modifying a software's source code to...
As businesses increasingly rely on software to operate, the security of the software supply chain becomes more critical. A software supply chain is the process of creating and delivering software, from development to deployment. Insecure software can lead to significant data breaches, financial loss, and...
Software supply chain security is critical to the functioning and safety of all modern-day software. However, with the rapid growth of software development on GitHub, there is an increase in the risk of malware injection. Malware injection can cause data theft, system damage, and reputational...
Code tampering refers to the unauthorised modification or alteration of source code during software application development, testing, or deployment. This malicious activity can have devastating consequences, from introducing security vulnerabilities to altering the intended behaviour of the software, causing it to fail in unexpected ways. Code tampering...
Modern software development is a complex process that increasingly involves more actors and different components, highlighting the adoption of open source which now accounts for more than 3 billion component downloads in different repositories. The rate of code adoption is still growing at rates greater...
As a developer or member of a DevOps team, securing the pipeline is of utmost importance. The pipeline is the suite of processes and tools that are used to build, test, and deploy code changes to production environments. If your pipeline is not secure, it can lead...
As a Chief Information Security Officer, CIO, or DevOps engineer, it's essential to ensure that your platform is correctly configured to deliver stable and reliable services to your users. However, misconfigurations can occur for various reasons, ranging from human error to changes in your infrastructure....
Continuous integration and continuous delivery (CI/CD) pipelines are the foundation of any software organization that builds software in a "modern" way. Automation provides great power, but most developers miss the responsibility it entails. Developer: Yeah, we take CI/CD security seriously and have strong control on code maintainers, review...
In software development we depend on both own and third-party components or artifacts. A flexible Dependency Management is essential for modern software. Package managers like NPM, Maven, pip or NuGet are often used to specify software dependencies. These tools were designed with convenience and ease-of-use in mind, not security. The problem The problem...
Software technology evolved, and hackers evolved with it. The arms-race with bad actors was mostly restricted to vulnerabilities and attacks directed at the deployed software. Attacking the software supply chain, albeit not unseen, was not the primary target for the bad guys...
