software supply chain

6

openssf open source social engineering attack

"These emails implored OpenJS to take action to update one of its popular JavaScript projects to 'address any critical vulnerabilities'"

Malicious backdoor, CVSS 10, slipped onto major Linux distributions

Poisoned Easter eggs for all: Apparent supply chain attack caught mercifully early…

How secure is your package repo? CISA defines four levels of security maturity, starting at zero

"Package managers are at a critical point in the open source ecosystem and have the capability to scale security improvements across open source ecosystems"

SolarWinds sued by SEC, SolarWinds CISO also charged with fraud

"SolarWinds’ poor controls... false and misleading statements and omissions, and the other misconduct... would have violated the federal securities laws even if SolarWinds had not experienced a major, targeted cybersecurity attack"

What CISOs need to know about the “3CX” software supply chain attacks

With tips on securing your own build processes and supply chain resilience...

Microsoft's CTO touts S2C2F: IT leaders, pay heed to this one

A highly practical framework to boost the security of open source consumption
