Our Blog

Cyber Risk
Barak Brudo Don’t be the weakest link: The role of developers in securing the software supply chain

When three U.S. government agencies get together to “strongly encourage” developers to adopt certain practices, you should pay attention. The CISA, NSA, and ODNI, in recognition of the threat of cyber-hackers and in the wake of the SolarWinds attack, announced that they will be jointly publishing a collection of recommendations for securing the software supply […]

Cyber Risk
Barak Brudo How can you make sure your bottom line doesn’t get knocked out by the OMB Memo?

The US government is in the process of revamping its cybersecurity policies. This includes the release of Secure Software Development Framework (SSDF) version 1.1 by the National Institute of Standards and Technology (NIST), which aims to reduce security vulnerabilities across the Software Development Life Cycle (SDLC). The document provides software vendors and acquirers with “a […]

Cyber Risk
Barak Brudo IconBurst, a new NPM attack

A new software supply chain attack designed to extract data from applications and websites was found in over two dozen NPM packages.

Cyber Risk
Barak Brudo Evaluate Your Source Control Security Posture with GitGat

GitGat is a set of self-contained OPA (Open Policy Agent) policies written in Rego. GitGat evaluates the security settings of your SCM account and provides you with a status report and actionable recommendations.

Cyber Risk
Barak Brudo What’s hiding in your code?

You cannot trust the signed products and updates of vendors and your very own code might have already been modified or added to. What, then, can you do to really be certain you are not installing malicious files into your system?

Barak Brudo SSDF (NIST 800-218) final version – differences from the draft and their implications for you

On March 22nd NIST released the final version of the SSDF 1.1 (Secure Software Development Framework). We’ll take a look at some of the differences between the final version and the previous draft.

Cyber Risk
Barak Brudo GitHub Cache Poisoning

Do you know what happens under the hood of your CI? Without deep understanding, you might be vulnerable to innovative supply chain attacks. This article describes such an attack.

Cyber Risk
Doron Peri Continuous Assurance: An Integral Practice for Software Supply Chain Security

Continuous Assurance granularly collects evidence about all events in the development life cycle, including the product build and deployment, that might affect the eventual software product’s security.

Cyber Risk
Barak Brudo NIST SP 800-218 – What Is This Framework and How To Utilize It

NIST’s Secure Software Development Framework (SSDF) promotes transparency and tamper-resistant measures to reduce the risk of malicious intervention and exposure to vulnerabilities in the Software Development Lifecycle.
