As software supply chains grow increasingly interconnected, security threats continue to evolve. While common risks like third-party vulnerabilities and dependency issues are well-known, less-common ...
AI agents, prompts, and MCP tools now shape software builds, forcing teams to track provenance beyond packages and generated ...
In the beginning, we identified two major types of software supply chain attacks and nine minor types. The world keeps insisting on a broader definition. In the spring of 2020, it really mattered to ...
Software supply chain attacks are becoming more frequent and introducing bigger consequences. This highlights the need for a structured response by policymakers and the security community, which is ...
When AI-assisted vulnerability discovery makes it dramatically easier to identify weaknesses hidden inside modern dependency ...
A major area of concern for IT security teams is how to tackle the challenges posed by the increasing use of third-party platforms and services. The need for security that spans third parties applies ...
Cassie is a former deputy editor who collaborated with teams around the world while living in the beautiful hills of Kentucky. Focusing on bringing growth to small businesses, she is passionate about ...
Sonatype’s 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks. Attacks on software supply chains increased ...
The Fast Company Executive Board is a private, fee-based network of influential leaders, experts, executives, and entrepreneurs who share their insights with our audience. It’s more important than ...
SolarWinds and Log4j have made software supply chain security issues a topic of intense interest and scrutiny for businesses and governments alike. SolarWinds was a terrifying example of what can go ...
Last year’s MOVEit and 3CX vulnerabilities offered a stark reminder of the risk insecure VPN appliance pose today. Threat actors exploit vulnerabilities to infiltrate a software provider’s network and ...
The rise of cyber attacks against software companies such as SolarWinds and the discovery of security vulnerabilities in popular open source software like Log4j used in critical systems have cast the ...