The software supply chain is a vast, global landscape made up of a complicated web of interconnected software producers and consumers. As such, it comes with numerous risks and vulnerabilities that affect all software–including those from third parties and outside vendors. These risks include everything from code vulnerabilities and open-source code repositories to hijacked software…

Internet telephony company 3CX is warning its customers of malware that was apparently weaseled into the company’s own 3CX Desktop App by cybercriminals who seem to have acquired access to one or more of 3CX’s source code repositories. As you can imagine, given that the company is scrambling not only to figure out what happened,…

Secrets embedded in source code pose a risk to developers and the organizations they work in. Secrets can be used to take over both user and service accounts, which can lead to sensitive data exposure, operational risks, and financial or reputational damage. There are many commercial and open source projects available to detect hardcoded secrets,…

As more organizations shift to cloud-native application development to support new business features and digital transformation initiatives, software supply chain issues have become more visible. Because cloud-native development relies so heavily on open source software, organizations have to start thinking about the components that go into these applications. To build these cloud-native applications, developers have…

Financial terms of the transaction were not disclosed. Canonic Security, based in Tel Aviv, Israel, emerged from stealth exactly a year ago with $6 million in seed-stage venture capital funding for technology in the third-party app governance space. The publicly traded Zscaler, based in San Jose, CalifCanonic’s platform is designed to prevent expanding risks associated…

The US Cybersecurity and Infrastructure Security Agency (CISA) plans to open an office focused on helping the public and private sectors protect their software and IT supply chains. The new office will help organizations implement recently issued CISA policies and guidance related to managing cybersecurity supply chain risk, including issues stemming from malicious functionality, counterfeit…

BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, co-founder and CEO Jim Rosenthal says. Existing supply chain security tools tend to generate lots of risk information but then put the burden on the client to interact with their suppliers about remediating that risk, Rosenthal…

Created by the Enduring Security Framework (ESF), a cross-sector working group seeking to mitigate the risks threatening the critical infrastructure and national security, the guidance provides recommendations for developers, suppliers, and organizations. In September, the three US agencies released the first part of the series, which included recommendations for developers looking to improve the software…

Product supply-chain traceability is a very important aspect in manufacturing as it contributes directly to product safety, quality, and, as an emerging trend, product sustainability and ethics. In terms of safety, automotive manufacturers consistently announce product recalls to protect their customers from failure of faulty parts, as well as to protect themselves by being compliant…