Software supply chain attacks increased over 300% in 2021

We all knew there was an increase in software supply chain attacks in 2021, but a new study has quantified just how bad things got.

Argon Security – recently acquired by Aqua Security – published the latest edition of its annual Software Supply Chain Security Review this week.

The headline stat from Argon’s report that software supply chain attacks grew by more than 300 percent in 2021 compared to 2020.

Eran Orzel, Senior Director of Argon Customer...

Google wants to increase government collaboration to secure open-source

Google says that it wants to increase government collaboration to help secure open-source after participating in a White House summit.

On Thursday, Google participated in the White House Open Source Software Security Summit with the aim of building on its “work with the Administration to strengthen America’s collective cybersecurity through critical areas like open-source software.”

The past year has been particularly bad for open-source security problems, with...

Is good security the answer to team happiness?

Nowadays, most businesses aren’t naive enough to imagine that they can manage without the most basic cybersecurity protections. However, they’re more likely to invest in such provisions after experiencing a direct threat or hearing a closely related business has suffered a breach.

This reactive approach to cybersecurity is costly — impacting not just the bottom line, but employee happiness and even customer trust. In reality, however, even a small investment in security...

In-built infrastructure security advantage with policy as code

It is impossible to discuss where DevOps trends are heading without mentioning policy as code, the writing of code in a high-level language to manage and automate policies in the developmental process.

In an ever-evolving regulatory landscape, organisations simply don't have the right technology or resources to scale their security and compliance efforts. Policy as code provides the much-needed agility to address regulations or standards as they emerge. This means that new...

Akamai’s latest solution counters the growing security threat to APIs

Akamai has launched App & API Protector, a new solution for protecting APIs and web applications.

Last month, Akamai released its 'API: The Attack Surface That Connects Us All' report which highlights the challenges that organisations face in the modern threat landscape. The expert analysts at Gartner even report that APIs will be the most frequent online attack vendor by 2022.

App & API Protector aims to counter such threats with a solution that detects up to...

Sonatype analysis reveals a 73 percent surge in open-source demand

A report from Sonatype has revealed a 73 percent surge in the demand for open-source despite a year of high profile vulnerabilities.

The growing use of open-source to keep up with the pace of modern development makes it a prime target for cybercriminals. We’ve seen this multiple times in practice over the past year with devastating attacks like that on SolarWinds even making national headlines for its widespread implications.

In fact, Sonatype’s report highlights a...

GitHub releases analysis of relations between developers and security researchers

Relations between developers and security researchers is critical, but it’s no secret they’re often fraught.

GitHub first announced that it was expanding its research to more fully understand the relationship between developer and security research communities in December 2020. The initial analysis, conducted by GitHub Security Lab, has now been released.

For its debut analysis, Github focused on the vulnerability disclosure process—of which there is currently no...

Google wants to ‘advance cybersecurity’ by fixing open-source and increasing training

Google has committed $10 billion over the next five years to “advance cybersecurity” by fixing some of the key problems with open-source and offering more training.

The announcement follows Google’s participation in President Biden’s White House Cyber Security Meeting this week. Leading tech executives including Alphabet CEO Sundar Pichai put their heads together following an increasing prevalence and seriousness of cyberattacks.

Open-source is vital and speeds...

Boris Cipot, Synopsys Software Integrity: On the cybersecurity landscape and countering threats

Following a year of high-profile cyberattacks, developers are understandably concerned their software could be the next to be compromised.

Developer caught up with Boris Cipot, Senior Sales Engineer at Synopsys Software Integrity, to discuss the cybersecurity landscape and how developers can secure their software.

Cipot came to Synopsys following the company’s acquisition of Black Duck Software. Prior to those companies, Cipot held senior roles at anti-malware...

Checkmarx acquires Dustico in wake of increasing supply chain attacks

Developer-centric app security testing (AST) firm Checkmarx has acquired Dustico to help counter the increasing threat of supply chain attacks.

“We’re thrilled to welcome Dustico and its team to Checkmarx as the Israeli tech ecosystem continues to push the boundaries of cybersecurity innovation and talent,” said Emmanuel Benzaquen, CEO, Checkmarx.

“Blending Dustico’s differentiated approach to open source analysis with Checkmarx’s best-of-breed security...