Cyber Risk

Danny Nebenzahl: How to Integrate SBOMs Across the Entire SDLC

In today’s rapidly evolving software development landscape, security and compliance have become paramount. As organizations increasingly rely on third-party components and open-source software, understanding what’s inside your software has never been more critical. Enter the Software Bill of Materials (SBOM)—a detailed list of all components, libraries, and dependencies that make up your software. Integrating SBOMs […]

Doron Peri: Would you go to battle without a map?

Securing Your Software Supply Chain begins with the Discovery and Governance of Your ‘Software Factory’

In today’s software development environment, teams handle decentralized assets such as code repositories, build pipelines, and container images. While this distributed model offers flexibility and speeds up production, it also fragments assets and complicates governance and security oversight, especially as […]

Nir Peleg: Identifying Vulnerabilities with a Software Bill of Materials: Ensuring Security, Transparency, and Compliance

With the increased complexity of software supply chains, managing and securing software components has become more challenging. To tackle this, a Software Bill of Materials (SBOM) has emerged as a crucial tool for ensuring security, transparency, and compliance in the software development lifecycle. An SBOM is a comprehensive record of all components used in creating […]

Doron Peri: How Scribe Security Aligns with Gartner’s Leader’s Guide to Software Supply Chain Security

On June 20, 2024, Gartner released its influential Leader’s Guide to Software Supply Chain Security, highlighting the growing need to defend against software supply chain attacks. With these attacks’ increasing frequency and sophistication, organizations face significant risks that they must manage effectively. This post interprets the critical findings from Gartner’s report. It explains how Scribe […]

Danny Nebenzahl: The Impact of AI on Software Supply Chain Security

In an era where cyber threats are growing in both sophistication and scale, organizations are increasingly relying on artificial intelligence (AI) to strengthen their security frameworks. This trend is particularly significant in software supply chain security, where AI is becoming a crucial tool in identifying vulnerabilities, predicting emerging threats, and streamlining the development and deployment […]

Nir Peleg: SCA and SBOM: What’s the Difference?

That is associated with them in a given software application. Using SCA tools, the entire codebase of an application is scanned to identify every open-source library and component it uses, track their versions, and flag the known vulnerabilities for those components.

Purpose of SCA

The main objective […]

Doron Peri: Comparing ASPM and CSPM: Understanding the Differences and Applications

Securing cloud environments and the applications that run in them is critical now that workloads, teams, and users are distributed worldwide. Two solutions organizations rely on for these purposes are Application Security Posture Management (ASPM) and Cloud Security Posture Management (CSPM). Each performs a security function, though they serve that function in different settings and […]

Doron Peri: Navigating NSA’s SBOM Guidelines: Essential Steps for Effective Software Supply Chain Security

In today’s digital landscape, software security is paramount. The National Security Agency (NSA), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), has established comprehensive guidelines for Software Bill of Materials (SBOM) Management. These guidelines are crucial for organizations aiming to bolster their cybersecurity posture and mitigate risks in their software supply chain.

Why […]

Nir Peleg: Software Supply Chain Security: The Top 7 Best Practices You Need to Know

In today’s interconnected digital landscape, ensuring the security of your software supply chain is paramount. The software supply chain encompasses all the processes and components involved in developing, building, and deploying software, and it is increasingly targeted by cyberattacks. Having worked with numerous companies and leveraging vast industry experience, I can confidently share some of […]

Danny Nebenzahl: SBOM Tools to the Rescue – the XZ Utils Backdoor Case

What is the XZ Utils (CVE-2024-3094) Backdoor?

CVE-2024-3094, disclosed on 29 March 2024, is a backdoor maliciously inserted into xz-utils, a compression utility (and its liblzma library) shipped by essentially every Linux distribution. It was detected by Andres Freund, a curious and security-aware Microsoft software engineer, just as the backdoored releases (5.6.0 and 5.6.1) were on the verge of reaching the stable branches of major Linux distributions. Had this succeeded, an unimaginable number of servers […]
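The SCA post above (matching components and versions against known vulnerabilities) and this XZ Utils post turn on the same check: does anything in the SBOM fall into an advisory's affected versions? The script below is an added example, not code from Scribe Security or from any of the posts listed here. The CycloneDX-style SBOM fragment and the advisory list are constructed inline so it runs offline; the only real data in it is that CVE-2024-3094 affects xz-utils/liblzma 5.6.0 and 5.6.1. The function and variable names are the example's own.

```python
"""Flag SBOM components that match a local advisory list.

Added example (not the page's or Scribe Security's code). The SBOM and
the advisory feed are constructed here; in practice the SBOM comes from
your build and the advisories from a feed such as NVD or OSV.
"""
import json
import re

# Constructed CycloneDX-style SBOM: three components, one of them the
# backdoored xz-utils 5.6.1.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "xz-utils", "version": "5.6.1",
     "purl": "pkg:deb/debian/xz-utils@5.6.1"},
    {"type": "library", "name": "liblzma", "version": "5.4.5",
     "purl": "pkg:deb/debian/liblzma@5.4.5"},
    {"type": "library", "name": "openssl", "version": "3.0.13",
     "purl": "pkg:deb/debian/openssl@3.0.13"}
  ]
}
"""

# Constructed advisory record. The CVE and affected versions are real;
# the record format is this example's own, not NVD's or OSV's.
ADVISORIES = [
    {
        "id": "CVE-2024-3094",
        "names": {"xz-utils", "xz", "liblzma"},
        "affected": {"5.6.0", "5.6.1"},
    },
]

# purl layout: pkg:type/namespace/name@version?qualifiers#subpath
_PURL_RE = re.compile(r"pkg:[^/]+/(?:.*/)?([^@/]+)@([^?#]+)")


def parse_components(sbom_json):
    """Return [{name, version, purl}] for every component in the SBOM.

    The purl is preferred over the free-form name/version fields because
    it is what SCA tools key on; names are lower-cased for matching.
    """
    doc = json.loads(sbom_json)
    components = []
    for comp in doc.get("components", []):
        name, version = comp.get("name"), comp.get("version")
        purl = comp.get("purl")
        if purl:
            match = _PURL_RE.match(purl)
            if match:
                name, version = match.group(1), match.group(2)
        if name and version:
            components.append(
                {"name": name.lower(), "version": version, "purl": purl}
            )
    return components


def find_vulnerable(components, advisories=ADVISORIES):
    """Return (name, version, advisory id) for each affected component."""
    findings = []
    for comp in components:
        for adv in advisories:
            if comp["name"] in adv["names"] and comp["version"] in adv["affected"]:
                findings.append((comp["name"], comp["version"], adv["id"]))
    return findings


if __name__ == "__main__":
    for name, version, cve in find_vulnerable(parse_components(SBOM_JSON)):
        print(f"{name} {version}: affected by {cve}")
```

Exact-version matching is deliberate here: CVE-2024-3094 is pinned to two specific releases, and distributions rolled back to 5.4.x rather than patching forward, so a naive "fixed in >= X" range would mis-classify the downgraded packages as vulnerable. For advisories that do express ranges, the same loop works once `affected` is replaced by a version-range check.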
