Our Blog

Cyber Risk
CI/CD Security Best Practices, by Barak Brudo

The specifics of what happens inside CI/CD pipelines are infamously opaque. Despite having written the YAML config file, which is the pipeline's list of instructions, how can you be certain that everything happens precisely as it is described? Even worse, the majority of pipelines are entirely transient, so even in the event of a malfunction, […]
Cyber Risk
How To Uphold Security Standards in the SDLC and Address SSDF Requirements, by Doron Peri

The Secure Software Development Framework (SSDF), AKA NIST SP 800-218, is a set of guidelines developed by NIST in response to Executive Order 14028, which focuses on enhancing the cybersecurity posture of the United States, particularly concerning software supply chain security. SSDF is a best practices framework, not a standard. While particularly relevant to organizations that […]
Cyber Risk
What You Need To Do To Reach SLSA Levels – A Very Hands-On Guide, by Danny Nebenzahl

Background: SLSA (Supply-chain Levels for Software Artifacts) is a security framework aiming to prevent tampering, improve integrity, and secure packages and infrastructure. The core concept of SLSA is that a software artifact can be trusted only if it complies with three requirements: the artifact should have a provenance document describing its origin and build process […]
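The provenance document the excerpt mentions is only useful if a consumer actually checks it before trusting the artifact. The following is an added example, not code from the post or from the SLSA project: it verifies a minimal in-toto statement carrying a SLSA v1 provenance predicate against a downloaded artifact and a local policy. The artifact bytes, the provenance JSON, the builder id and the source URI are all constructed for illustration. It assumes the statement's signature (for example, its DSSE envelope) has already been verified against the builder's key; without that step, any attacker who can replace the artifact can also forge a matching provenance.

```python
import hashlib

# Constructed sample artifact (stands in for a downloaded release tarball).
ARTIFACT = b"example release tarball bytes"
ARTIFACT_SHA256 = hashlib.sha256(ARTIFACT).hexdigest()

# Assumed local policy: the builder we trust and the repository we expect.
EXPECTED_BUILDER = "https://example.com/builders/ci@v1"
EXPECTED_SOURCE = "git+https://example.com/org/repo"

# Constructed in-toto statement with a SLSA v1 provenance predicate.
# Assumption: the DSSE signature over this statement was verified earlier.
PROVENANCE = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "release.tar.gz", "digest": {"sha256": ARTIFACT_SHA256}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "buildType": "https://example.com/buildtypes/container@v1",
            "externalParameters": {"source": EXPECTED_SOURCE, "ref": "refs/tags/v1.2.3"},
            "resolvedDependencies": [
                {"uri": EXPECTED_SOURCE, "digest": {"gitCommit": "0123abcd"}}
            ],
        },
        "runDetails": {"builder": {"id": EXPECTED_BUILDER}},
    },
}


def verify_provenance(artifact, statement, expected_builder, expected_source):
    """Return a list of policy failures; an empty list means the artifact is accepted.

    Three checks: the predicate is SLSA provenance, the artifact's digest is one
    of the statement's subjects, and the builder id and source match local policy.
    """
    failures = []
    if statement.get("predicateType") != "https://slsa.dev/provenance/v1":
        failures.append("unexpected predicate type")
        return failures

    # Binding the provenance to the bytes we actually hold is the core check:
    # a provenance for some other file proves nothing about this one.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = statement.get("subject", [])
    if not any(s.get("digest", {}).get("sha256") == digest for s in subjects):
        failures.append("artifact digest not listed as a provenance subject")

    pred = statement.get("predicate", {})
    builder = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder != expected_builder:
        failures.append(f"untrusted builder: {builder!r}")

    source = pred.get("buildDefinition", {}).get("externalParameters", {}).get("source")
    if source != expected_source:
        failures.append(f"unexpected source: {source!r}")

    return failures


if __name__ == "__main__":
    print("untampered:", verify_provenance(ARTIFACT, PROVENANCE, EXPECTED_BUILDER, EXPECTED_SOURCE))
    print("tampered:  ", verify_provenance(b"tampered", PROVENANCE, EXPECTED_BUILDER, EXPECTED_SOURCE))
```

The digest check is what turns provenance into a tamper-evidence mechanism; the builder and source checks are what stop an attacker from producing a perfectly well-formed provenance on a builder they control. Both sets of checks are only as strong as the signature verification assumed above.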

Cyber Risk
Using SBOM and Feeds Analytics to Secure Your Software Supply Chain, by Nir Peleg

"Software vendors must be held liable when they fail to live up to the duty of care they owe consumers, businesses, or critical infrastructure providers" (the White House). Today, any software provider is expected to assume greater responsibility for ensuring the integrity and security of software through contractual agreements, software releases and updates, notifications, and […]
Cyber Risk
Striking Balance: Redefining Software Security with 'Shift Left' and SDLC Guardrails, by Rubi Arbel

TL;DR: In recent years, the tech industry has fervently championed the concept of "shifting left" in software development, advocating for early integration of security practices into the development lifecycle. This movement aims to empower developers with the responsibility of ensuring their code's security from the project's inception. However, while the intentions behind this approach are […]
Cyber Risk
ML-What? Understanding the ML-BOM Concept and Uses, by Danny Nebenzahl

The industry has not yet fully grasped the idea of an SBOM, and we are already hearing a new term: ML-BOM, the Machine Learning Bill of Materials. Before panic sets in, let's understand why such a BOM should be produced, the challenges in generating an ML-BOM, and what such an ML-BOM can look like. […]
Cyber Risk
A Secret Encounter in the Software Supply Chain, by Danny Nebenzahl

One of the risks of the software supply chain is secrets leaking. Secrets are all around the software supply chain; developers and the CI/CD pipelines need to use secrets to access the SCM, the pipeline, the artifact registries, the cloud environments, and external services. And when secrets are everywhere, it is only a matter of time […]
Cyber Risk
What Has Changed in NIST's Cybersecurity Framework 2.0 and Why Should You Care?, by Barak Brudo

In early August, the U.S. National Institute of Standards and Technology (NIST) released a draft 2.0 version of its landmark Cybersecurity Framework, first published in 2014. A lot has changed over the past 10 years, not least of which is the rising level of cybersecurity threats that the original document set out to help critical […]
Cyber Risk
CycloneDX SBOM Dependency Graph – What Is It Good For?, by Mikey Strauss

We've all heard a lot about SBOMs recently. We heard about their usefulness, their composition, and their requirements for security and regulation. This time I want to take the time to talk about a little less-known segment of the CycloneDX SBOM: the Dependency Graph. Contrary to what the name implies, the Dependency Graph is not a […]
Cyber Risk
SBOM Signing: Resolving An Ever-Changing Jigsaw, by Barak Brudo

A lot of words have been written in the past few years about the SBOM, the Software Bill of Materials. With all this exposure people feel they know what it is well enough to explain: it's a list of software ingredients, it's important for transparency and security, and it helps expose transitive dependencies. All […]