Cyber Risk
Barak Brudo / June 20, 2022 Evaluate Your Source Control Security Posture with GitGat

GitGat is a set of self-contained OPA (Open Policy Agent) policies written in Rego. GitGat evaluates the security settings of your SCM account and provides you with a status report and actionable recommendations.

read More
Cyber Risk
Barak Brudo / June 20, 2022 What’s hiding in your code?

You cannot trust the signed products and updates of vendors and your very own code might have already been modified or added to. What, then, can you do to really be certain you are not installing malicious files into your system?

read More
Cyber RiskSSDF FINAL VERSION
Barak Brudo / May 12, 2022 SSDF (NIST 800-218) final version – differences from the draft and their implications for you

On March 22nd NIST released the final version of the SSDF 1.1 (Secure software development framework). We’ll take a look at some of the differences between the final version and the previous draft.

read More
Cyber Riskwebinar cover image
Barak Brudo / April 19, 2022 Demystifying New Cybersecurity Regulations in 2022 Webinar

On April 14th Barak Brudo hosted Deborah Housen-Couriel and Gil Bahat to talk about the new regulation designed to secure the software supply chain in the US.

read More
Cyber RiskDevSec For Scale Podcast
Barak Brudo / March 31, 2022 Improving The Trust In The Software Supply Chain

A few weeks ago I was interviewed on the DevSec For Scale Podcast on the subject of securing the software supply chain.

read More
Cyber RiskCache Poisoning
Mikey Strauss / March 30, 2022 GitHub Cache Poisoning

Do you know what happens under the hood of your CI? Without deep understanding, you might be vulnerable to innovative supply chain attacks. This article describes such an attack.

read More
Cyber RiskContinuous Assurance & Software Supply Chain Security | Scribe Security
Doron Peri / February 24, 2022 Continuous Assurance: An Integral Practice for Software Supply Chain Security

Continuous Assurance granularly collects evidence about all events in the development life cycle including the product build, and deployment that might affect the eventual software product’s security.

read More
Cyber RiskWhat is NIST SP 800-218 Cybersecurity Framework? | Scribe Security
Barak Brudo / February 24, 2022 NIST SP 800-218 – What Is This Framework and How To Utilize It

NIST’s Secure Software Development Framework (SSDF) promotes transparency and tamper-resistant measures to reduce the risk of malicious intervention and exposure to vulnerabilities in the Software Development Lifecycle.

read More
Cyber RiskSoftware Bill of Materials (SBOM) Cybersecurity Solution | Scribe Security
Rubi Arbel / January 26, 2022 A Deep Dive into Software Bill of Materials (SBOM)

A software bill of materials, sometimes known as an SBOM, is a set of information that is applied to software. The licensing information, version numbers, component details, and vendors are all key figures.

read More