Software Supply Chain

All articles tagged with #software supply chain

IBM and Red Hat Launch $5B AI-Driven Open Source Security Initiative
technology, 2 days ago

IBM and Red Hat unveil Project Lightwell, a $5 billion initiative that uses frontier AI and a 20,000-strong engineering force to create a trusted enterprise clearinghouse for open source software, enabling rapid vulnerability identification, validation, and patches across the software supply chain with upstream disclosures and enterprise subscriptions. Initial deployments with major banks aim to strengthen OSS security across production environments.

Log4J Vulnerability: A Persistent Security Concern for Businesses
cybersecurity, 2 years ago

Approximately 38% of applications using the Apache Log4j library are still running versions with known vulnerabilities, including Log4Shell, a critical remote code execution flaw. Although patches have been available for over two years, many organizations continue to use outdated versions of Log4j, leaving themselves open to security risks. A report from Veracode highlights the persistence of old vulnerabilities and the reluctance of developers to update third-party libraries. The report recommends that companies scan their environment, identify the versions of open-source libraries in use, and develop an emergency upgrade plan.