supply chain

Vet: Open-source software supply chain security tool
Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition …

48% of security pros are falling behind compliance requirements
32% of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations, according to Lineaje. Meanwhile, 68% are …

4.5% of breaches now extend to fourth parties
Security teams can no longer afford to treat third-party security as a compliance checkbox, according to SecurityScorecard. Traditional vendor risk assessments, conducted …

Chinese military-linked companies dominate US digital supply chain
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to …

Hackers target AI and crypto as software supply chain risks grow
The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns …

It’s time to secure the extended digital supply chain
Organizations’ increasing reliance on third-party software and services has created an environment with more vulnerabilities and harder-to-detect risks. Attackers know they …

Only 26% of Europe’s top companies earn a high rating for cybersecurity
With the EU’s Digital Operational Resilience Act (DORA) deadline approaching on 17th January, 2025, Europe’s top 100 companies face an urgent cybersecurity challenge, …

Containers have 600+ vulnerabilities on average
Containers are the fastest growing – and weakest – cybersecurity link in software supply chains, according to NetRise. Companies are struggling to get container …

Evaluating your organization’s application risk management journey
In this Help Net Security interview, Chris Wysopal, Chief Security Evangelist at Veracode, discusses strategies for CISOs to quantify application risk in financial terms. …

Effective strategies for measuring and testing cyber resilience
In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and …

Transportation, logistics companies targeted with lures impersonating fleet management software
Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever …

Paid open-source maintainers spend more time on security
Paid maintainers are 55% more likely to implement critical security and maintenance practices than unpaid maintainers and are dedicating more time to implementing security …