Our Blog

Cyber Risk
Barak Brudo: What We Can Learn From CISA’s SBOM Sharing Lifecycle Report

In April 2023, DHS, CISA, DOE, and CESER released a report titled ‘Software Bill of Materials (SBOM) Sharing Lifecycle Report’. The purpose of the report was to examine the current ways in which people share SBOMs, and to outline, in general terms, how this sharing could be done better and with greater sophistication to […]

Cyber Risk
Barak Brudo: From Chaos to Clarity: How to Secure Your Supply Chain with Attestations

As organizations become increasingly aware, protecting your software supply chain should be a vital part of every organization’s cybersecurity strategy. One of the main difficulties in creating a comprehensive strategy to mitigate software supply chain threats is the complexity and diversity of supply chains. Each supply chain is unique, and the elements […]

Cyber Risk
Barak Brudo: Using the 3CX Desktop App Attack To Illustrate the Importance of Signing and Verifying Software

In late March 2023, security researchers exposed a threat actor’s complex software supply chain attack on business communication software from 3CX, mainly the company’s voice and video-calling desktop app. The researchers warned that the app was somehow trojanized and that using it could expose the organization to a possible exfiltration scheme by a threat actor. […]

Cyber Risk
Barak Brudo: How Confident Are You With What’s Really Happening Inside Your CI/CD Pipeline? The Elements You Should Be Securing, and How

CI/CD pipelines are notoriously opaque as to what exactly takes place inside them. Even if you’re the one who wrote the YAML config file (the pipeline’s list of instructions), how can you be sure that everything happens exactly as described? Worse, most pipelines are completely ephemeral, so even if something bad happens there are no […]

Cyber Risk
Barak Brudo: The story of the OpenSSL patch 3.0.7 and the lessons you can learn from it

OpenSSL is a widely used open-source software library for implementing secure communications over computer networks. How widely used? Well, chances are that if you’ve ever accessed an HTTPS web page, the connection was encrypted by OpenSSL. The library provides cryptographic functions and protocols for data encryption, decryption, authentication, and digital signature verification. OpenSSL can be […]

Cyber Risk
Barak Brudo: Defending Your Digital Services: An Inside Look at the European Cyber Resilience Act

Successful cyberattacks against both hardware and software products are becoming disturbingly frequent. According to Cybersecurity Ventures, cybercrime cost the world an estimated 7 trillion USD in 2022. With such a high price tag, it is no wonder that both companies and governments are taking notice. The U.S. led the way with the presidential executive order […]

Cyber Risk
Barak Brudo: From Vulnerability to Victory: Defending Your CI/CD Pipeline

Automated CI/CD (Continuous Integration/Continuous Delivery) pipelines are used to speed up development. It is awesome to have triggers or scheduling that take your code, merge it, build it, test it, and ship it automatically. However, because they are built for speed and ease of use, most pipelines are not inherently designed with security in […]

Cyber Risk
Barak Brudo: What does the future hold for VEX? And how would it affect you?

The rate at which new vulnerabilities are disclosed is constantly increasing. It currently stands at an average of 15,000 CVEs per year. 2022 stands out with over 26,000 new CVEs reported. Obviously, not all vulnerabilities are relevant to your software. To figure out if a particular vulnerability is a problem, you first need to figure […]

Cyber Risk
Barak Brudo: SPDX vs. CycloneDX: SBOM Formats Compared

Despite the growing adoption of the Software Bill of Materials (SBOM) to serve as a vulnerability management and cybersecurity tool, many organizations still struggle to understand the two most popular SBOM formats in use today, SPDX and CycloneDX. In this article, we will compare these two formats to help you choose the right one for […]

Uncategorized
Doron Peri: From Application Security to Software Supply Chain Security: A Fresh Approach Is Needed

The traditional approach to securing software products focuses on eliminating vulnerabilities in custom code and safeguarding applications against known risks in third-party dependencies. However, this method is inadequate and fails to address the full scope of threats posed by the software supply chain. Neglecting to secure every aspect of this chain, from production to distribution […]
