Our Blog

That is associated with them in a given software application. Using SCA tools the entire codebase of an application is searched to find out all the open-source libraries and components used in the application, their versions are monitored and it also finds out the known vulnerabilities for those components.  Purpose of SCA The main objective […]

It is critically important to secure Cloud Environments and Applications given that the world is now a global village. Two solutions that are critical for these purposes in organizations are Application Security Posture Management (ASPM) and Cloud Security Posture Management (CSPM). Each performs a security function, though they serve the function in different settings and […]

In today’s digital landscape, software security is paramount. The National Security Agency (NSA), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), has established comprehensive guidelines for Software Bill of Materials (SBOM) Management. These guidelines are crucial for organizations aiming to bolster their cybersecurity posture and mitigate risks in their software supply chain. Why […]

In today’s interconnected digital landscape, ensuring the security of your software supply chain is paramount. The software supply chain encompasses all the processes and components involved in developing, building, and deploying software, and it is increasingly targeted by cyberattacks. Having worked with numerous companies and leveraging vast industry experience, I can confidently share some of […]

What is the XZ Utils (CVE-2024-3094) Backdoor? CVE-2024-3094, published at the beginning of April 2024, is a backdoor maliciously inserted into a Linux utility. It was detected by Andres Freund, a curious and security-aware Microsoft software engineer, on the verge of being integrated into main Linux distributions. Had this succeeded, an unimaginable number of servers […]

Imagine the next board meeting. You, a security leader in your organization, will present your standard deck with risks, mitigations, and incidents. Then, one of the board members will ask: How are you preparing to protect the new AI technologies and the MLOps pipelines that the company is already using?  Here is your answer. AI […]

Welcome back to the second part of our blog series, where we delve deeper into the potent capabilities of Valint. In this article, we’ll focus on Valint’s policy engine and its pivotal role in assuring compliance throughout your supply chain. In our previous blog post, we provided an overview of Valint’s design principles. How the Policy Engine […]

With the increasing complexity of applications and the proliferation of security threats, ensuring the security of software applications has become a significant challenge for organizations. Application Security Posture Management (ASPM) emerges as a solution to these challenges, providing a framework for improving visibility, managing vulnerabilities, and enforcing security controls across the software development lifecycle. The […]

The specifics of what happens inside CI/CD pipelines are infamously opaque. Despite having written the YAML config file, which is the pipeline list of instructions, how can you be certain that everything happens precisely as it is described? Even worse, the majority of pipelines are entirely transient, so even in the event of a malfunction, […]

The Secure Software Development Framework (SSDF), AKA NIST SP800-218, is a set of guidelines developed by NIST in response to Executive Order 14028, which focuses on enhancing the cybersecurity posture of the United States, particularly concerning software supply chain security.  SSDF is a best practices framework, not a standard. While particularly relevant to organizations that […]