This is part two of a two-part blog series on third-party code usage in software development. Go to part one here: Secure your software supply chain – trusting third parties. In part one we looked at the general pros and cons of third-party software use and the necessity of determining trust towards the vendors/publishers. We […]
In an earlier blog post we looked at how to avoid becoming a vector for a software supply chain attack. In this two-part article we will mainly look at how you as a consumer of third-party and/or open source software can identify vendors to trust and mitigate the different relevant threats. Let’s take a pragmatic […]
Vad är egentligen ett red team-test och varför behöver man göra det i sin organisation? Här reder vi ut begreppet red teaming – en sorts ”etisk hacking”. Målet är att identifiera en organisations sårbarheter för cyberattacker.
Securing build servers and the development process as a whole is crucial to avoid becoming part of a software supply-chain attack. SUNBURST is a malware that was spread by breaching the build server for SolarWinds’ Orion product. Using threat modeling it is possible to identify mitigations to reduce the risk and improve the security of the development life-cycle.
The chase for shorter time to market almost always involves automation in some kind of form, but the rush for implementing it can sometimes introduce security issues. Organizations might gain speed but the question is often at what cost of security? In this blogpost and several more to come we will talk a bit about […]