The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.
The post Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol appeared first on SecurityWeek.
CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.
The post CISA Unveils New HBOM Framework to Track Hardware Components appeared first on SecurityWeek.
Exposed data includes a backup of employees' workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.
The post Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages appeared first on SecurityWeek.
Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.
The post Webinar Tomorrow: Unpacking the Secure Supply Chain Consumption Framework (S2C2F) appeared first on SecurityWeek.
A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.
The post New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack appeared first on SecurityWeek.
Google sprinkles the magic of generative AI into its open source fuzz testing infrastructure and finds immediate success with code coverage.
The post Google Brings AI Magic to Fuzz Testing With Eye-Opening Results appeared first on SecurityWeek.
The US government’s cybersecurity agency describes UEFI as a “critical attack surface” that requires urgent security attention.
The post CISA Calls Urgent Attention to UEFI Attack Surfaces appeared first on SecurityWeek.
Endor Labs has closed a massive $70 million Series A round of financing to fuel ambitious plans to build a dependency lifecycle management platform.
The post Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round appeared first on SecurityWeek.
San Francisco startup Socket raises $20 million as investors continue to bet on companies in the open source software security category.
The post Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups appeared first on SecurityWeek.
Signing code is very important for defending against supply chain attacks, but it’s also one of the most cumbersome practices to implement for internal development.
The post Verifying Software Integrity With Sigstore appeared first on SecurityWeek.