Cyber Risk

Cyber Risk
Barak Brudo / March 06, 2023 The story of the OpenSSL patch 3.0.7 and the lessons you can learn from it

OpenSSL is a widely used open-source library for implementing secure communications over computer networks. How widely used? Chances are that if you have ever loaded an HTTPS web page, the server on the other end used OpenSSL for its TLS implementation. The library provides cryptographic primitives and protocol implementations for encryption, decryption, authentication, and digital signature verification. OpenSSL can be […]

Cyber Risk
Barak Brudo / February 27, 2023 Defending Your Digital Services: An Inside Look at the European Cyber Resilience Act

Successful cyberattacks against both hardware and software products are becoming disturbingly frequent. According to Cybersecurity Ventures, cybercrime cost the world an estimated 7 trillion USD in 2022. With such a high price tag, it is no wonder that both companies and governments are taking notice. The U.S. led the way with the presidential executive order […]

Cyber Risk
Barak Brudo / February 22, 2023 From Vulnerability to Victory: Defending Your CI/CD Pipeline

Automated CI/CD (Continuous Integration/Continuous Delivery) pipelines are used to speed up development. It is awesome to have triggers or schedules that take your code, merge it, build it, test it, and ship it automatically. However, because they are built for speed and ease of use, most pipelines are not inherently built with security in […]

Cyber Risk
Barak Brudo / February 15, 2023 What does the future hold for VEX? And how would it affect you?

The rate at which new vulnerabilities are disclosed is constantly increasing. It currently stands at an average of 15,000 CVEs per year. 2022 stands out with over 26,000 new CVEs reported. Obviously, not all vulnerabilities are relevant to your software. To figure out if a particular vulnerability is a problem, you first need to figure […]

Cyber Risk
Barak Brudo / February 09, 2023 SPDX vs. CycloneDX: SBOM Formats Compared

Despite the growing adoption of the Software Bill of Materials (SBOM) to serve as a vulnerability management and cybersecurity tool, many organizations still struggle to understand the two most popular SBOM formats in use today, SPDX and CycloneDX. In this article, we will compare these two formats to help you choose the right one for […]

Cyber Risk
Barak Brudo / January 04, 2023 GitHub vulnerabilities parallel research

Last month I came upon this article from Dark Reading. It looked very familiar. It didn’t take me long to realize that the GitHub cross-workflow artifact poisoning vulnerability discussed in the article bore a striking resemblance to the GitHub cross-workflow cache poisoning vulnerability we reported on in March 2022. GitHub workflows—A key component of GitHub […]

Cyber Risk
Barak Brudo / November 22, 2022 The rise of the SBOM—Our take on Gartner’s Innovation Insight report for SBOMs

With the growing use of third-party components and lengthy software supply chains, attackers can now compromise many software packages simultaneously via a single exploit. In response to this new attack vector, more development and DevOps teams, as well as security professionals, are looking to incorporate a Software Bill of Materials (SBOM). The software supply chain […]

Cyber Risk
Barak Brudo / November 11, 2022 Graph for Understanding Artifact Composition (GUAC): Key highlights

The risks faced by software supply chains have taken their place at the forefront of conversations in the cybersecurity ecosystem. This is partly due to the increased frequency of these supply chain attacks, but also because of the potentially far-reaching impacts they have when they do happen. Figures from 2021 showed software supply chain attacks […]

Cyber Risk
Barak Brudo / October 19, 2022 Taking software supply chain security to the next level with the latest OMB memo

The global software supply chain is always under threat from cyber criminals who threaten to steal sensitive information or intellectual property and compromise system integrity. These issues may impact commercial companies as well as the government’s ability to securely and reliably deliver services to the public. The United States Office of Management and Budget (OMB) […]

Cyber Risk
Barak Brudo / October 03, 2022 Don’t be the weakest link: The role of developers in securing the software supply chain

When three U.S. government agencies get together to “strongly encourage” developers to adopt certain practices, you should pay attention. CISA, the NSA, and ODNI, in recognition of the threat posed by attackers and in the wake of the SolarWinds attack, announced that they will be jointly publishing a collection of recommendations for securing the software supply […]
