ITWeb

Mitigating corporate risk of widespread software dependency

A major South African corporation might use up to 4 000 third-party software products that are business-critical. The relentless pursuit of greater efficiencies, more streamlined processes, more ...
Dark Reading

Log4j Highlights Need for Better Handle on Software Dependencies

It's a new year and the cybersecurity community now faces the long-term consequences of yet another software supply chain security nightmare. After a year full of application security zero-day fallout ...
Dark Reading

Software Supply Chain Strategies to Parry Dependency Confusion Attacks

"What's in a name? That which we call a rose By any other name would smell as sweet." When Shakespeare wrote these words (Romeo and Juliet, Act 2, Scene 2) in 1596, he was saying that a name is just a ...
Security

Endor Labs releases report on open-source software dependency management

Endor Labs today released The 2024 Dependency Management Report, which consolidates extensive original and third-party research into the current state of security in the software dependency lifecycle ...
CSOonline

OpenSSF releases npm best practices to help developers tackle open-source dependency risks

The npm Best Practices Guide aims to help JavaScript and TypeScript developers reduce the security risks of using open-source dependencies. The Open Source Security Foundation (OpenSSF) has released ...