Cyber Risk

Cyber Risk
Navigating NSA’s SBOM Guidelines: Essential Steps for Effective Software Supply Chain Security, by Doron Peri

In today’s digital landscape, software security is paramount. The National Security Agency (NSA), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), has established comprehensive guidelines for Software Bill of Materials (SBOM) Management. These guidelines are crucial for organizations aiming to bolster their cybersecurity posture and mitigate risks in their software supply chain. Why […]

Cyber Risk
Software Supply Chain Security: The Top 7 Best Practices You Need to Know, by Nir Peleg

In today’s interconnected digital landscape, ensuring the security of your software supply chain is paramount. The software supply chain encompasses all the processes and components involved in developing, building, and deploying software, and it is increasingly targeted by cyberattacks. Having worked with numerous companies and leveraging vast industry experience, I can confidently share some of […]

Cyber Risk
SBOM Tools to the Rescue – the XZ Utils Backdoor Case, by Danny Nebenzahl

What is the XZ Utils (CVE-2024-3094) Backdoor? CVE-2024-3094, published at the beginning of April 2024, is a backdoor maliciously inserted into a Linux utility. It was detected by Andres Freund, a curious and security-aware Microsoft software engineer, on the verge of being integrated into main Linux distributions. Had this succeeded, an unimaginable number of servers […]

Cyber Risk
From Chaos to Clarity: Navigating Policy Engine for Compliance, by Mikey Strauss

Welcome back to the second part of our blog series, where we delve deeper into the potent capabilities of Valint. In this article, we’ll focus on Valint’s policy engine and its pivotal role in assuring compliance throughout your supply chain. In our previous blog post, we provided an overview of Valint’s design principles. How the Policy Engine […]

Cyber Risk
What is ASPM?, by Barak Brudo

With the increasing complexity of applications and the proliferation of security threats, ensuring the security of software applications has become a significant challenge for organizations. Application Security Posture Management (ASPM) emerges as a solution to these challenges, providing a framework for improving visibility, managing vulnerabilities, and enforcing security controls across the software development lifecycle. The […]

Cyber Risk
CI/CD Security Best Practices, by Barak Brudo

The specifics of what happens inside CI/CD pipelines are infamously opaque. Despite having written the YAML config file, which is the pipeline’s list of instructions, how can you be certain that everything happens precisely as it is described? Even worse, the majority of pipelines are entirely transient, so even in the event of a malfunction, […]

Cyber Risk
How To Uphold Security Standards in the SDLC and Address SSDF Requirements, by Doron Peri

The Secure Software Development Framework (SSDF), AKA NIST SP800-218, is a set of guidelines developed by NIST in response to Executive Order 14028, which focuses on enhancing the cybersecurity posture of the United States, particularly concerning software supply chain security. SSDF is a best practices framework, not a standard. While particularly relevant to organizations that […]

Cyber Risk
What You Need To Do To Reach SLSA Levels – A Very Hands-On Guide, by Danny Nebenzahl

Background SLSA (Supply-chain Levels for Software Artifacts) is a security framework aiming to prevent tampering, improve integrity, and secure packages and infrastructure. The core concept of SLSA is that a software artifact can be trusted only if it complies with three requirements: The artifact should have a Provenance document describing its origin and building process […]

Cyber Risk
Using SBOM and Feeds Analytics to Secure Your Software Supply Chain, by Nir Peleg

“Software vendors must be held liable when they fail to live up to the duty of care they owe consumers, businesses, or critical infrastructure providers” (the White House). Today, any software provider is expected to assume greater responsibility for ensuring the integrity and security of software through contractual agreements, software releases and updates, notifications, and […]

Cyber Risk
Striking Balance: Redefining Software Security with ‘Shift Left’ and SDLC Guardrails, by Rubi Arbel

TL;DR In recent years, the tech industry has fervently championed the concept of “shifting left” in software development, advocating for early integration of security practices into the development lifecycle. This movement aims to empower developers with the responsibility of ensuring their code’s security from the project’s inception. However, while the intentions behind this approach are […]
