Developing a Plan to Respond to Critical CVEs in Open Source Software

June 7, 2024 at 10:09AM The tech industry faced wake-up calls in 2020 and 2021 with incidents like SolarWinds, Log4j, and Kaseya’s VSA, emphasizing the critical need to refine response strategies to vulnerabilities and supply chain attacks. Both large and small organizations must prioritize comprehensive asset inventories and software bills of materials to effectively respond … Read more

Cyber Landscape is Evolving – So Should Your SCA

June 7, 2024 at 08:06AM Summary: Traditional Software Composition Analysis (SCA) tools struggle to provide comprehensive security for software supply chains, leading to alert fatigue and leaving organizations vulnerable. Myrror Security’s guide offers insights into the limitations of current SCA tools and the features needed in future software supply chain security solutions to combat emerging … Read more

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024 at 08:12AM Developers often rely on open-source components, which account for the majority of modern software. However, vulnerabilities often stem from these components. GitGuardian’s Software Composition Analysis (SCA) enables developers to scan for CVEs before committing code, ensuring early detection and prevention of known vulnerabilities. GitGuardian SCA is available for a 2-week … Read more

Three Ways To Supercharge Your Software Supply Chain Security

January 4, 2024 at 08:12AM The “Executive Order on Improving the Nation’s Cybersecurity” emphasizes securing the “Software Supply Chain.” The article provides three ways to enhance security: safeguarding secrets, using software composition analysis for transparency, and integrating ethical hacking. Strengthening Software Supply Chain Security is crucial for smooth software sales and overall resilience in the … Read more