handmade.social

0 posts0 participants0 posts today

anchore🚀 Part 2 is live! Dive into the evolution of SBOMs from Release to Production in our final installment. Enhance your software security today. Read here 👉 <a href="https://anchore.com/blog/the-evolution-of-sboms-in-the-devsecops-lifecycle-part-2/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://anchore.com/blog/the-evolution-of-sboms-in-the-devsecops-lifecycle-part-2/</a> <a href="https://mstdn.business/tags/SBOM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBOM</a> <a href="https://mstdn.business/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevSecOps</a> <a href="https://mstdn.business/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChainSecurity</a>

Dan Fernandez :verified: :mastodon:Interesting finding on application dependencies from Sonatype State of Open Source Report. Most Pulled Ecosystems - JS: 4.5 Trillion - Python: 530 Billion Outdated software continued to be pulled - 13% of Log4J downloads are vulnerable - 80% of Application dependencies are never upgradedLanguage Ecosystems Coverage - Only 10.5% of open-source components are actively used out of the 7 million available - 180 is the average number of Open Source components per application Vulnerability Remediation - The report states the average fix times for even critical vulnerabilities is 200-250 days, with some taking over 500 days to fix.What application frameworks are you mostly using in your environment? What makes it challenging for application development teams to keep all dependencies up to date during initial development and once in production? <a href="https://infosec.exchange/tags/applicationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#applicationsecurity</a> <a href="https://infosec.exchange/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychainsecurity</a> <a href="https://infosec.exchange/tags/applicationdevelopers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#applicationdevelopers</a>

LMG SecuritySoftware supply chain vulnerabilities can put your organization at risk before you or your vendor know there is an issue. Watch this 9-minute case study to see how an unknown <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> vulnerability in a commonly used <a href="https://infosec.exchange/tags/software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#software</a> can turn into a <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#databreach</a> and learn how to reduce your risk! <a href="https://youtu.be/cB8iriZJ57k" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/cB8iriZJ57k</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChainSecurity</a> <a href="https://infosec.exchange/tags/VendorRisk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VendorRisk</a> <a href="https://infosec.exchange/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetworkSecurity</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/riskmanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#riskmanagement</a>

Guardians Of Cyber🔐 Crypto enthusiasts, beware! Multi-vector supply chain attacks are on the rise, targeting trusted platforms through compromised libraries and Trojanized updates. 🛡️ Regular audits and SBOMs can help secure your assets.How do you ensure your digital wallets stay safe from complex threats? Share your insights!🔗 Read more: <a href="https://guardiansofcyber.com/threats-vulnerabilities/multi-vector-attacks-digital-wallets/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://guardiansofcyber.com/threats-vulnerabilities/multi-vector-attacks-digital-wallets/</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/GuardiansOfCyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GuardiansOfCyber</a> <a href="https://infosec.exchange/tags/CryptoSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CryptoSecurity</a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChainSecurity</a> <a href="https://infosec.exchange/tags/DataProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataProtection</a> <a href="https://infosec.exchange/tags/DigitalSafety" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalSafety</a> <a href="https://infosec.exchange/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechNews</a> <a href="https://infosec.exchange/tags/Blockchain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Blockchain</a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a>

Annual Computer Security Applications ConferenceFinally, we had Walther-Puri's "Beyond the XBOM: A Holistic Approach to Cyber Supply Chain Risk" discuss integrating tech supply chain security considering geopolitical and national risks. (<a href="https://www.acsac.org/2023/program/final/s324.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.acsac.org/2023/program/final/s324.html</a>) 5/5 <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChainSecurity</a> # Cybersecurity

packagistTo celebrate Cyber Security Awareness month, join me in taking a closer look at how Composer and Packagist help you manage reported vulnerabilities in your software supply chain. <a href="https://blog.packagist.com/discover-security-advisories-with-composers-audit-command/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.packagist.com/discover-security-advisories-with-composers-audit-command/</a> <a href="https://phpc.social/tags/composerphp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#composerphp</a> <a href="https://phpc.social/tags/phpc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phpc</a> <a href="https://phpc.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://phpc.social/tags/php" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#php</a> <a href="https://phpc.social/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychainsecurity</a>

JannekeIf you run "guix pull" today, you get a package graph of more than 22,000 nodes rooted in a 357-byte program---something that had never been achieved, to our knowledge, since the birth of Unix: a Full-Source Bootstrap.Edit: Add blog post link inline <a href="https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/</a><a href="https://todon.nl/tags/GnuMes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GnuMes</a> <a href="https://todon.nl/tags/bootstrappable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bootstrappable</a> <a href="https://todon.nl/tags/BootstrappableBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BootstrappableBuilds</a> <a href="https://todon.nl/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReproducibleBuilds</a> <a href="https://todon.nl/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChainSecurity</a> <a href="https://fosstodon.org/@reproducible_builds" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@reproducible_builds</a> <a href="https://hostux.social/@fsf" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@fsf</a> <a href="https://mastodon.social/@fsfe" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@fsfe</a>

Recent searches

Search options

Administered by:

Server stats:

#supplychainsecurity