Secure Your Software Supply Chain – Threats And Mitigations

30 Jun 2021 in Cyber Security&Secure Development

This is part two of a two-part blog series on third-party code usage in software development. Go to part one here: Secure your software supply chain  – trusting third parties. In part one we looked at the general pros and cons of third-party software use and the necessity of determining trust towards the vendors/publishers. We […]

Secure Your Software Supply Chain – Trusting 3rd Parties

30 Jun 2021 in Cyber Security&Secure Development

In an earlier blog post we looked at how to avoid becoming a vector for a software supply chain attack. In this two-part article we will mainly look at how you as a consumer of third-party and/or open source software can identify vendors to trust and mitigate the different relevant threats. Let’s take a pragmatic […]

Hitta era säkerhetsbrister – Så funkar Red team i 5 steg

22 Jan 2021 in Cyber Security&Infrastructure&Secure Development

Vad är egentligen ett red team-test och varför behöver man göra det i sin organisation? Här reder vi ut begreppet red teaming – en sorts ”etisk hacking”. Målet är att identifiera en organisations sårbarheter för cyberattacker.

Avoiding supply-chain attacks similar to SolarWinds Orion’s (SUNBURST)

07 Jan 2021 in Cyber Security&Secure Development

Securing build servers and the development process as a whole is crucial to avoid becoming part of a software supply-chain attack. SUNBURST is a malware that was spread by breaching the build server for SolarWinds’ Orion product. Using threat modeling it is possible to identify mitigations to reduce the risk and improve the security of the development life-cycle.

Lets automate things securely!

11 Nov 2020 in Secure Development

The chase for shorter time to market almost always involves automation in some kind of form, but the rush for implementing it can sometimes introduce security issues. Organizations might gain speed but the question is often at what cost of security? In this blogpost and several more to come we will talk a bit about […]