Cyber Risk

Cyber Risk
Barak Brudo / November 22, 2022 The rise of the SBOM—Our take on Gartner’s Innovation Insight report for SBOMs

With the growing use of third-party components and lengthy software supply chains, attackers can now compromise many software packages simultaneously via a single exploit. In response to this new attack vector, more development and DevOps teams, as well as security professionals, are looking to incorporate a Software Bill of Materials (SBOM). The software supply chain […]

Read more
Cyber RiskAn image of highlighted text
Barak Brudo / November 11, 2022 Graph for Understanding Artifact Composition (GUAC): Key highlights

The risks faced by software supply chains have taken their place at the forefront of conversations in the cybersecurity ecosystem. This is partly due to the increased frequency of these supply chain attacks, but also because of the potentially far-reaching impacts they have when they do happen. Figures from 2021 showed software supply chain attacks […]

Read more
Cyber RiskAn image of a man struggling to meet deadlines
Barak Brudo / October 19, 2022 Taking software supply chain security to the next level with the latest OMB memo-are you ready to meet the deadline?

The global software supply chain is always under threat from cyber criminals who threaten to steal sensitive information or intellectual property and compromise system integrity. These issues may impact commercial companies as well as the government’s ability to securely and reliably deliver services to the public.  The United States Office of Management and Budget (OMB) […]

Read more
Cyber Risk
Barak Brudo / October 03, 2022 Don’t be the weakest link: The role of developers in securing the software supply chain

When three U.S. government agencies get together to “strongly encourage” developers to adopt certain practices, you should pay attention. The CISA, NSA, and ODNI, in recognition of the threat of cyber-hackers and in the wake of the SolarWinds attack, announced that they will be  jointly publishing a collection of recommendations for securing the software supply […]

Read more
Cyber RiskAn image of a knock out
Barak Brudo / September 19, 2022 How can you make sure your bottom line doesn’t get knocked out by the OMB Memo?

The US government is in the process of revamping its cybersecurity policies. This includes the release of Secure Software Development Framework (SSDF) version 1.1 by the National Institute of Standards and Technology (NIST), which aims to reduce security vulnerabilities across the Software Development Life Cycle (SDLC). The document provides software vendors and acquirers with “a […]

Read more
Cyber RiskIconBurst Article Image
Barak Brudo / July 20, 2022 IconBust, a new NPM attack

A new software supply chain attack designed to extract data from applications and websites was found in over two dozen NPM packages.

Read more
Cyber Riskbanner
Barak Brudo / June 20, 2022 Evaluate Your Source Control Security Posture with GitGat

GitGat is a set of self-contained OPA (Open Policy Agent) policies written in Rego. GitGat evaluates the security settings of your SCM account and provides you with a status report and actionable recommendations.

Read more
Cyber RiskScreenshot
Barak Brudo / June 20, 2022 What’s hiding in your code?

You cannot trust the signed products and updates of vendors and your very own code might have already been modified or added to. What, then, can you do to really be certain you are not installing malicious files into your system?

Read more
Cyber RiskSSDF FINAL VERSION
Barak Brudo / May 12, 2022 SSDF (NIST 800-218) final version – differences from the draft and their implications for you

On March 22nd NIST released the final version of the SSDF 1.1 (Secure software development framework). We’ll take a look at some of the differences between the final version and the previous draft.

Read more
Cyber RiskCache Poisoning
Mikey Strauss / March 30, 2022 GitHub Cache Poisoning

Do you know what happens under the hood of your CI? Without deep understanding, you might be vulnerable to innovative supply chain attacks. This article describes such an attack.

Read more
1 2