Supply Chain Security

A collection of 21 posts

The Open-Source Backdoor That Almost Compromised SSH

The Open-Source Backdoor That Almost Compromised SSH

The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to maintain trust and security.

Securing The Software Delivery Pipeline With Honeytokens

Securing The Software Delivery Pipeline With Honeytokens

Discover how honeytokens enhance security by detecting breaches in real-time across the software development lifecycle. Learn how to deploy these decoy credentials and traps effectively, bolstering defenses against cyber threats.

Protecting Your Software Supply Chain: Understanding Typosquatting and Dependency Confusion Attacks

Protecting Your Software Supply Chain: Understanding Typosquatting and Dependency Confusion Attacks

Typosquatting and dependency confusion are two common tactics used by hackers to exploit open-source package repositories. Understand how these attacks work and discover preventive measures to secure your infrastructure.

How We Built a Supply Chain Security Watchtower: Meet SaaS-Sentinel

How We Built a Supply Chain Security Watchtower: Meet SaaS-Sentinel

SaaS-Sentinel is a free monitoring platform that notifies users when their favorite tool might be under attack, helping them stay on top of supply chain risks. Here is the full story of this innovative project that seeks to democratize the use of honeytokens. Join the adventure today!

Supply Chain Security: Secrets and Modern Security Frameworks (Part III)

Supply Chain Security: Secrets and Modern Security Frameworks (Part III)

In this final part, we'll discuss more software supply chain security frameworks and the critical role of secrets detection in them. We'll explore the NIST SSDF, SLSA, and OSC&R frameworks and how they cover the topic of secrets in software supply chain security.

arrow-down