Date | Title | Description | Source |
20.03.2024 | Greggs Shut Down after IT Outage | Greggs, the baked goods purveyor made famous for their sausage rolls, have reportedly shut down acro... | digit.fyi/... |
28.02.2024 | StarCoder 2 is a code-generating AI that runs on most GPUs | Developers are adopting AI-powered code generators — services like GitHub Copilot and Amazon CodeWhi... | techcrunch... |
27.02.2024 | Sonatype Introduces Cutting-Edge AI/ML Component Detection | New features transform the way AI components are managed, empowering development teams to innovate r... | aithority.... |
08.12.2023 | Supply Chain Security. Chapter 2: how malicious librar... | Bob: Alice, last time you convinced me that I need to check my third-party dependencies in... | habr.com/r... |
17.10.2023 | Software Supply Chain Security Attacks Up 200%: New Sonatype... | Attacks on software supply chains increased dramatically in 2023, with an increase of 200% compared ... | techrepubl... |
11.10.2023 | Effective Cyber Defense: How Companies Can Adopt Threat Reco... | Chief Evangelist and Fellow, Team Cymru. | forbes.com... |
03.10.2023 | One in eight open source downloads have known and avoidable ... | This year has seen twice as many software supply chain attacks as 2019-2022 combined and one in eigh... | betanews.c... |
12.09.2023 | Developers turn to generative AI despite security risks | According to 800 developer (DevOps) and application security (SecOps) leaders surveyed, 97 percent a... | betanews.c... |
03.08.2023 | Supply chain worries drive adoption of SBOMs | Concerns around supply chain security, partly driven by President Biden's Executive Order on Improvi... | betanews.c... |
31.07.2023 | Palo Alto Networks Prisma Cloud Now Protects Software Delive... | Palo Alto NetworksSOPA Images/LightRocket via Getty Images | forbes.com... |
10.07.2023 | Software Providers Should Prepare For Liability Right Now—He... | Software developer, innovator, and entrepreneur who is most prominently known for his role as the CT... | forbes.com... |
04.07.2023 | Sonatype Repository Firewall Has Prevented Losses from Malic... | Sonatype, the pioneer of software supply chain management, has announced that Sonatype Repository Fi... | aithority.... |
12.06.2023 | Sonatype Launches in AWS Marketplace | Sonatype announced availability in AWS Marketplace, a digital catalog with thousands of software lis... | aithority.... |
22.05.2023 | PyPI, due to excessive attacker activity, for two days ... | The Python package repository PyPI (Python Package Index), due to excessive malicious activity by attac... | habr.com/r... |
12.04.2023 | Google Cloud offers Assured Open Source Software for free | Open source software and software supply chain security risks continue to be a primary... | techrepubl... |
03.04.2023 | Dependency management in Javascript | Javascript has been evolving rapidly for more than 20 years. Over that time there has appeared a huge... | habr.com/r... |
27.03.2023 | Andrey Gein: subjective news from the world of Python... | The February EkbPy conference in Yekaterinburg was opened by Andrey Gein with his subjective overview of the ma... | habr.com/r... |
27.02.2023 | Should organizations swear off open-source software altogeth... | Open-source software is a nightmare for data security. According to Synopsys, while 96% of software ... | venturebea... |
24.02.2023 | 14 Smart Strategies For Establishing A Secure Software Suppl... | Just as contractors construct a building using established processes and plans as well as premade an... | forbes.com... |
11.02.2023 | When did you last look inside your dependencies?... | Have you ever thought about what is inside the dependencies that, one way or another, get pulled into y... | habr.com/r... |
01.02.2023 | New cloud platform aims to improve supply chain management | A new platform from Sonatype is designed to make it easier for developer and security teams to unite... | betanews.c... |
11.01.2023 | Four Cyber Risk Trends To Watch In 2023 And How Businesses C... | Steve Durbin is Chief Executive of Information Security Forum. He is a frequent speaker on the Board... | forbes.com... |
10.01.2023 | PyTorch exposed a malicious dependency chain... | PyTorch discovered a malicious dependency with the same name as the torchtriton library in the framew... | habr.com/r... |
09.12.2022 | Number of vulnerable Log4j downloads remains high one year o... | This week marks the first anniversary of the Log4j/Log4Shell vulnerability affecting the Java loggin... | betanews.c... |
06.12.2022 | Sonatype Applauded by Frost & Sullivan for Enabling Dete... | The software supply chain management platform reduces false positives, improves code quality, and au... | en.prnasia... |
25.11.2022 | Report: 96% of vulnerable open-source downloads are avoidabl... | Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innov... | venturebea... |
10.11.2022 | The Securing Open Source Software Act Is Good, but Whatever ... | Editor's note: A previous version of this article identified the OpenSSL vulnerability as critical. ... | lawfareblo... |
03.11.2022 | Backlogs, Backlogs Everywhere And Not A Minute To Spare | Liran Tancman, CEO, Rezilion. | forbes.com... |
25.10.2022 | How Arnica’s tool keeps supply chain and developers flowing ... | Register now for your free virtual pass to the Low-Code/No-Code Summit this November 9. Hear from ex... | venturebea... |
18.10.2022 | 96 percent of known open source vulnerabilities can be easil... | With more open source being consumed than ever before, attacks targeting the software supply chain h... | betanews.c... |
11.10.2022 | How Google Cloud is protecting the software supply chain in ... | Did you miss a session from MetaBeat 2022? Head over to the on-demand library for all of our feature... | venturebea... |
22.09.2022 | Software supply chain security gets its first Linux distro, ... | From software signing, to container images, to a new Linux distro, an emergi... | techrepubl... |
30.08.2022 | Google launches vulnerability reward program to secure open-... | Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand libr... | venturebea... |
25.08.2022 | Should Uncle Sam Worry About ‘Foreign’ Open-Source Software?... | Nationalism has come to software. While downloading TikTok or WeChat onto your cell phone isn’t quit... | lawfareblo... |
22.08.2022 | Malware floods npm and PyPi registries in supply-chain attac... | Researchers at security vendor Sonatype say they have found 186 malicious packages in the npm Javasc... | itnews.com... |
09.08.2022 | 10 malicious Python packages exposed in latest repository at... | Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly... | arstechnic... |
08.08.2022 | Young programmer placed ransomware in the PyPI repository ... | Researchers at Sonatype discovered ransomware in the official PyPI repository. In the course of the i... | habr.com/r... |
08.08.2022 | Security Week 2232: malicious npm packages | A recent study by Kaspersky Lab experts analyzes the malicious campaign Lofy... | habr.com/r... |
03.08.2022 | Malicious 'typosquat' Python packages with ransomware script... | Researchers at software supply chain management firm Sonatype have identified many malicious Python ... | computing.... |
27.07.2022 | Protestware on the rise: Why developers are sabotaging their... | Ax Sharma is a security researcher and reporter. His areas of... | techcrunch... |
27.06.2022 | Found in the official third-party Python repository: m... | Malicious packages were discovered in the official third-party Python repository. This malware steal... | habr.com/r... |
22.06.2022 | Aqua Security and CIS release first formal guidelines for so... | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
21.06.2022 | Researchers discover lack of confidence in state of open-sou... | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
27.05.2022 | Top 3 infosec events of the week according to Jet CSIRT... | Today in the Jet CSIRT news roundup: compromise of a PyPI package and a PHP library, a malicious c... | habr.com/r... |
25.05.2022 | PyPI package 'ctx' and PHP library 'phpass' hijacked to obta... | Security researchers this week identified two corrupt Python and PHP packages in what appears to be ... | computing.... |
16.05.2022 | How to secure the software build: managing external de... | Hi! The problem of managing dependency security (supply chain security) is currently... | habr.com/r... |
11.05.2022 | Backdoor in public repository used new form of attack to tar... | | arstechnic... |
08.05.2022 | Top 3 infosec events of the week according to Jet CSIRT... | Ransomware discovered in the PyPI catalog. Sonatype researchers discovered several ma... | habr.com/r... |
06.04.2022 | Getting Ready For The Next Log4Shell Vulnerability | Bernd Greifeneder is the CTO and Founder of Dynatrace, a software intelligence company that helps to... | forbes.com... |
04.04.2022 | Spring4Shell added to CISA’s list of exploited vulnerabiliti... | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - August 3. Join... | venturebea... |
04.04.2022 | Spring4Shell added to CISA’s list of exploited vulnerabiliti... | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
01.04.2022 | SpringShell: Patches released for critical zero-day | The Spring team has released an emergency patch to address a new critical remote code execution (RCE... | computing.... |
29.03.2022 | Local package repositories | Hi everyone! Today I want to share our thoughts on how you can protect your develo... | habr.com/r... |
20.03.2022 | The risk of undermanaged open source software | There are a lot of myths surroundin... | venturebea... |
20.03.2022 | The risk of undermanaged open source software | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
18.03.2022 | Open source dev sabotages own library to target Russian and ... | Brandon Nozaki Miller, maintainer of the popular library npm-ipc, has updated the package with new c... | computing.... |
08.03.2022 | Ransomware contained in typosquat Python scripts | Researchers at Sonatype have identified multiple malicious Python packages that contain ransomware s... | betanews.c... |
04.03.2022 | Researchers warn of malicious typosquatting packages making ... | Researchers at software supply chain management firm Sonatype have warned that attackers are increas... | computing.... |
10.02.2022 | CVP Vasu Jakkal: Staying on top of cybersecurity threats is ... | With a 1,070 percent increase in ransomware attacks year-over-year between July 2020 and June 2021, ... | marketscre... |
03.02.2022 | Power Moves: Margaret Roth Falzon is now COO at Squadra Vent... | Power Moves is a column where we chart the comings and goings of talent across the region. Got a new... | technical.... |
27.01.2022 | Sonatype Exceeds $100M in ARR, Names First President as Dema... | - Addition of proven leader Alex Berry, largest Q4 ever, and 200+ new hires bolster momentum for 202... | marketscre... |
27.01.2022 | Sonatype, which secures open source code, lays groundwork fo... | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
27.01.2022 | Sonatype, which secures open source code, lays groundwork fo... | Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-dem... | venturebea... |
21.01.2022 | Cisco : Protecting Secrets / Variables Using HashiCorp Vault... | Recently I was asked to create a new integration between Cisco ASD (Automated Software Distribution)... | marketscre... |
20.01.2022 | Software Supply Chain Security Specialist Codenotary Raises ... | Codenotary, the immutability specialist that can instantly identify untrusted components in software... | marketscre... |
19.01.2022 | Cisco : Protecting Secrets / Variables Using HashiCorp Vault... | Recently I was asked to create a new integration between Cisco ASD (Automated Software Distribution)... | marketscre... |
16.01.2022 | FOSS News No. 104: digest of materials about free and open ... | Hi everyone! We continue our digests of news and other materials about free and open source software and a little about... | habr.com/r... |
26.12.2021 | FOSS News No. 103: digest of materials about free and open ... | Hi everyone! We continue our digests of news and other materials about free and open source software and a little about... | habr.com/r... |
24.12.2021 | Transparently caching multiple Container Registries in CRI-O and Po... | Perhaps you are already actively using CRI-O and Podman, or maybe you are only looking at Docker alternatives ... | habr.com/r... |
08.12.2021 | You can’t stop the ‘next SolarWinds’ — but you can slow it d... | Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of ... | venturebea... |
08.12.2021 | You can’t stop the ‘next SolarWinds’ — but you can slow it d... | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
01.12.2021 | Aqua Security acquires Argon to protect the software supply ... | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
01.12.2021 | Aqua Security acquires Argon to protect the software supply ... | Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of ... | venturebea... |
29.10.2021 | Sonatype specialists discovered NPM packages that distributed... | No sooner had Sonatype specialists discovered cryptocurrency-mining malware this month in t... | habr.com/r... |
24.10.2021 | FOSS News No. 93: digest of materials about free and open s... | Hi everyone! We continue our digests of news and other materials about free and open source software and a little about... | habr.com/r... |
13.10.2021 | Tech giants commit $10M annually to Open Source Security Fou... | The Transform Technology Summits start October 13th with Low-Code/No Code: Enabling Enterprise Agili... | venturebea... |
13.10.2021 | Tech giants commit $10M annually to Open Source Security Fou... | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
23.09.2021 | Software supply chain platform Cloudsmith raises $15M Series... | Cloudsmith, a cloud platform for software supply chain management, has raised a $15 million Series A... | techstart.... |
22.09.2021 | Software supply chain platform Cloudsmith raises $15M Series... | Cloudsmith, a cloud platform for software supply chain management, has raised a $15 million Series A... | techcrunch... |
15.09.2021 | Next-gen software supply chain attacks up 650% in 2021 | The Transform Technology Summits start October 13th with Low-Code/No Code: Enabling Enterprise Agili... | venturebea... |
15.09.2021 | Why open source software supply chain management is worse th... | The seventh annual State of the Software Supply Chain Report from Son... | techrepubl... |
15.09.2021 | Next-gen software supply chain attacks up 650% in 2021 | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
15.09.2021 | Open source is fueling digital transformation | Developer demand for open source increased 73 percent over the last year and in 2021 developers arou... | betanews.c... |
27.07.2021 | Fugue: 36% of organizations have suffered a serious cloud le... | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
27.07.2021 | Fugue: 36% of organizations have suffered a serious cloud le... | Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-dem... | venturebea... |
22.07.2021 | Tracking The Trail Of Software: The Key To Boosting Security | Don’t fall prey to cyberattacks. Secure your software trail. | forbes.com... |
22.07.2021 | 36 percent of organizations have suffered a serious cloud br... | A new survey of 300 cloud professionals finds that 36 percent of organizations have suffered a serio... | betanews.c... |
29.06.2021 | Mimecast : Improving the Security of Your Supply Chain Throu... | An organization is only as secure as its supply chain… Key Points: A company's cyber vulnerabilities... | marketscre... |
23.06.2021 | Ahoy, there’s malice in your repos—PyPI is the latest to be ... | | arstechnic... |
16.06.2021 | Sonatype Launches Novel Deep Code Analysis Platform Designed... | The cloud-native platform, Sonatype Lift, enables developers to find and fix performance, reliabilit... | aithority.... |
15.06.2021 | New deep code analysis platform helps developers eliminate b... | As recent high-profile attacks have shown, bad actors are increasingly going after software supply c... | betanews.c... |
15.06.2021 | Sonatype Launches Novel Deep Code Analysis Platform Designed... | FULTON, Md., June 15, 2021 (GLOBE NEWSWIRE) -- Sonatype, the leader in developer-friendly tools for ... | marketscre... |
24.05.2021 | What’s a software bill of materials? A CTO clued us in on th... | There’s a lot to unpack in the federal government’s new cybersecurity executive order, which was sig... | technical.... |
05.05.2021 | New pack helps developers manage open source licenses and co... | Although many organizations rely on the software, managing open source licenses and compliance can b... | betanews.c... |
27.04.2021 | Why the rise of containers has created a vulnerability crisi... | By Nick Forrester, Senior News Editor. Tue, 27th Apr 2021. #Breach Prevention #Cybersecurity #DevOps... | securitybr... |
13.04.2021 | Synopsys: 84% of codebases contain an open source vulnerabil... | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
13.04.2021 | Synopsys: 84% of codebases contain an open source vulnerabil... | The number of co... | venturebea... |
07.04.2021 | WhiteSource raises $75M to move beyond open source security ... | We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI an... | venturebea... |
07.04.2021 | WhiteSource raises $75M to move beyond open source security ... | WhiteSource, a p... | venturebea... |