Uncovering the invisible threat: Why your network may still be at risk | allinfosecnews.com

June 10, 2024, 2 p.m. | Mitchell Johnson

Sonatype Blog blog.sonatype.com

What if I told you that regardless of how much time, people, and money you invest in your security program, your network is almost certainly exposed to an easily exploitable security hole? The security hole I'm referring to is intentionally malicious components downloaded by your developers directly or via the automated DevOps processes that build your software using the same pipeline required to obtain legitimate open source components. This security hole is easily addressed with a solution like a repository …

components developers exposed malicious may money network people program risk security security program threat

More from blog.sonatype.com / Sonatype Blog

Software composition analysis (SCA): A beginner's guide 4 days, 19 hours ago | blog.sonatype.com

accelerate analysis applications beginner +18

Polyfill.io supply chain attack hits 100,000+ websites — all you need to know 5 days, 16 hours ago | blog.sonatype.com

attack cdn compromised javascript +10

Exploit creator selling 250+ reserved npm packages on Telegram 5 days, 16 hours ago | blog.sonatype.com

amazon amazon web services aws coming +23

Maven Central and the tragedy of the commons 5 days, 19 hours ago | blog.sonatype.com

central commons community concept +9

DORA ICT risk management framework: What to know 1 week ago | blog.sonatype.com

act analysis basic compliance +25

Start building your CRA compliance strategy now 1 week, 6 days ago | blog.sonatype.com

act building compliance cra +22

NIS2 readiness: Ensure compliance with the EU Cybersecurity Directive 2 weeks, 4 days ago | blog.sonatype.com

community compliance cybersecurity cybersecurity directive +14

'cors-parser' npm package hides cross-platform backdoor in PNG files 2 weeks, 6 days ago | blog.sonatype.com

backdoor cors cross-origin download +21

Uncovering the invisible threat: Why your network may still be at risk 3 weeks ago | blog.sonatype.com

components developers exposed malicious +9

Security Program Manager

@ PwC | Dublin - One Spencer Dock

View on infosec-jobs.com

Risk Services, Digital Audit - Associate / Senior Associate

@ PwC | Singapore - Marina One

View on infosec-jobs.com

Risk Services, Digital Audit - Manager

@ PwC | Singapore - Marina One

View on infosec-jobs.com

Director, Performance Marketing & Revenue Analytics

@ Proofpoint | Sunnyvale, CA

View on infosec-jobs.com

Regulated Data Program Manager - University Information Services – Georgetown University

@ Georgetown University | 2115 Wisconsin Ave 3rd Floor

View on infosec-jobs.com

Security Monitoring and Response Analyst II - (SOC)

@ Mastercard | Pune, India

View on infosec-jobs.com