NuGet

Software Supply Chain Attacks: Regulation and Litigation Increase, as Barriers to Entry Drop

Retrieved on: Tuesday, January 16, 2024

The report calls out visibility gaps in the software supply chain; an increase of malware on open source package managers; and continuing problems with leaks of developer secrets, all of which increase risk and exposures in the software supply chain for any organization developing and deploying software.

Key Points: 
  • The report calls out visibility gaps in the software supply chain; an increase of malware on open source package managers; and continuing problems with leaks of developer secrets, all of which increase risk and exposures in the software supply chain for any organization developing and deploying software.
  • The report insights are gleaned from the ReversingLabs Software Supply Chain Security platform and its industry-leading threat repository, containing over 40 billion malware and goodware files.
  • “Over the years, we’ve closely monitored the increase of software supply chain exposures and attacks.”
  • For additional insights, attend ReversingLabs The State of Software Supply Chain Security 2024 Webinar on January 31 at 12 pm ET.

Phylum Launches a Threat Feed of Open-Source Malware, Introduces Phylum App for Sumo Logic

Retrieved on: Thursday, December 7, 2023

EVERGREEN, Colo., Dec. 7, 2023 /PRNewswire/ -- Phylum, The Software Supply Chain Security Company, today announced the availability of the Phylum Threat Feed and its partnership with Sumo Logic. With the Phylum App for Sumo Logic, users can know if their organization has been impacted by software supply chain risks, including:

Key Points: 
  • Phylum specializes in identifying and mitigating software supply chain attacks, focusing on protecting developers against threats originating from open-source ecosystems.
  • The Phylum Threat Feed provides a curated view of malicious packages that are published into the open-source ecosystem.
  • The feed shows automated, high signal threat data that informs organizations of software supply chain attacks that have been executed as well as indicators of potential future threats.
  • This high-fidelity data is actionable on its own, and can now be consumed in Sumo Logic to enrich other findings.

dtSearch® Release Extends Enterprise and Developer File Format Support; Also Enhances Developer SDK with Docker Sample Code and Beta Covering a 5th 64-Bit Platform

Retrieved on: Thursday, November 9, 2023

BETHESDA, Md., Nov. 9, 2023 /PRNewswire/ -- dtSearch announces the release of version 2023.02 of its enterprise and developer product line for instantly searching terabytes of online and offline data. The product line's proprietary document filters cover popular "Office" formats, website data, databases, compression formats, and emails with attachments. dtSearch products can run either "on premises" at organizations or in a cloud environment such as on Azure or AWS.

Key Points: 
  • The release adds new image/sound/video metadata support across 11 different file formats, with the updates covering both dtSearch's enterprise products and the dtSearch Engine developer SDK.
  • For dtSearch Engine developers, the release further adds sample code demonstrating use of the dtSearch Engine SDK in an ASP.NET Core application running in a Windows (NanoServer) or Linux Docker container.
  • The release also includes additional dtSearch Engine SDK sample code for NuGet package deployment with a range of dependencies.
  • The release expands the sample code covering Docker container and NuGet deployment.

Sonatype’s 9th Annual State of the Software Supply Chain Report Reveals Ways to Improve Developer, DevSecOps Efficiency

Retrieved on: Tuesday, October 3, 2023

DevOps Enterprise Summit - Las Vegas, Oct. 03, 2023 (GLOBE NEWSWIRE) -- Sonatype, the pioneer of software supply chain management, today released its 9th Annual State of the Software Supply Chain Report.

Key Points: 
  • DevOps Enterprise Summit - Las Vegas, Oct. 03, 2023 (GLOBE NEWSWIRE) -- Sonatype, the pioneer of software supply chain management, today released its 9th Annual State of the Software Supply Chain Report.
  • Noteworthy findings in the report include:
    2023 saw twice as many software supply chain attacks as 2019-2022 combined: Sonatype logged 245,032 malicious packages in 2023.
  • The finding demonstrates the importance of constant vigilance from consumers in tracking the health of dependencies over time.
  • This year’s report also analyzed operational supply, demand, and security trends associated with the Java (Maven Central), JavaScript (npmjs), Python (PyPI), and .NET (NuGet) ecosystems.

Foxit Announces PDF SDK 9.0 For Both Windows and Web

Retrieved on: Wednesday, June 28, 2023

FREMONT, Calif., June 28, 2023 /PRNewswire/ -- Foxit, a leading provider of innovative PDF and eSignature products and services, helping knowledge workers to increase their productivity and do more with documents, today announced the launch of Foxit PDF SDK 9.0, delivering new advanced collaboration and conversion features for developers. Foxit's PDF SDK is built on a modern technology stack that integrates tightly with the platforms that developers are using. The PDF SDK is aimed at helping software developers in any industry to build apps with robust PDF functionality by leveraging the most popular development frameworks.

Key Points: 
  • As part of its focus on continuously upgrading the experience of developers, PDF SDK 9.0 includes numerous new features for both Windows and the Web.
  • As part of the new release, PDF SDK 9.0 for Windows is now available as an add-on.
  • Additional new features of Foxit PDF SDK 9.0 include:
    PDF SDK for Web 9.0:
    Multiline Tiled Watermarks: A more robust and visible watermark to provide a higher level of copyright protection.
  • Foxit PDF SDK 9.0 is available across all major platforms, including Windows, Mac, Linux, iOS, Android, UWP, and Web and includes some of the most advanced technology in the PDF industry to take your application to the next level.

AlterNET Studio version 9 released - with .NET 7 support and improvements for Code Editor, Scripter, and Form Designer

Retrieved on: Saturday, June 17, 2023

SYDNEY, Australia, June 17, 2023 /PRNewswire-PRWeb/ -- AlterNET Studio 9.0 brings .NET 7 support and improvements across all our component libraries. Below are AlterNET Studio 9.0 highlights:

Key Points: 
  • AlterNET Software announces the major release of AlterNET Studio - best-in-class .NET UI controls and frameworks for code editing, scripting, and UI designing.
  • SYDNEY, Australia, June 17, 2023 /PRNewswire-PRWeb/ -- AlterNET Studio 9.0 brings .NET 7 support and improvements across all our component libraries.
  • Below are AlterNET Studio 9.0 highlights:
    AlterNET Studio is fully compatible with .NET Framework 4.6.2+, .NET 6.0, and .NET 7.0.
  • Pyright drives Pylance extension for Python in Visual Studio Code and provides the best performance for advanced code editing features like code completion.

SOOS Announces Support for Golang

Retrieved on: Tuesday, December 20, 2022

WINOOSKI, Vt., Dec. 20, 2022 /PRNewswire/ -- Today SOOS announced expanded offerings to support Go developers. Now everyone programming in Go language can rely on SOOS for vulnerability scanning, license management, governance, and SBOM generation.

Key Points: 
  • Now Developers Can Count on SOOS for Go Language Vulnerability Scanning, License Management, Governance, and SBOM Generation
    WINOOSKI, Vt., Dec. 20, 2022 /PRNewswire/ -- Today SOOS announced expanded offerings to support Go developers.
  • Now everyone programming in Go language can rely on SOOS for vulnerability scanning, license management, governance, and SBOM generation.
  • Golang modules are becoming ever more prevalent, and SOOS offers the tools to ensure these publicly shared files are secure.
  • SOOS offers Go support with your CI/CD and issue management, and also easily integrates with GitHub.

Gurobi 10.0 Delivers Blazing-Fast Speed, Innovative Data Science Integration, and an Enterprise Development and Deployment Experience

Retrieved on: Monday, November 14, 2022

Gurobi 10.0 also includes the following advances in the underlying algorithmic framework:

Key Points: 
  • Gurobi 10.0 also includes the following advances in the underlying algorithmic framework:
    New network simplex algorithm: Greatly speeds up solving LPs with network structure.
  • Specifically, Gurobi Machine Learning allows users to add a trained machine learning model as a constraint to a Gurobi model (e.g., from scikit-learn, TensorFlow/Keras, or PyTorch).
  • Gurobi introduced its Web License Service (WLS) for Docker and Kubernetes container environments last year, with the release of Gurobi 9.5.
  • Dr. Edward Rothberg, Chief Executive Officer and Co-founder of Gurobi Optimization, added, “We have the absolute best minds in optimization here at Gurobi.”

Sonatype’s 8th Annual State of the Software Supply Chain Report Finds 96% of Known-Vulnerable Open Source Downloads Are Avoidable

Retrieved on: Tuesday, October 18, 2022

Las Vegas, Oct. 18, 2022 (GLOBE NEWSWIRE) -- Sonatype, the pioneer of software supply chain management, today unveiled its eighth annual State of the Software Supply Chain Report at the DevOps Enterprise Summit.

Key Points: 
  • Las Vegas, Oct. 18, 2022 (GLOBE NEWSWIRE) -- Sonatype, the pioneer of software supply chain management, today unveiled its eighth annual State of the Software Supply Chain Report at the DevOps Enterprise Summit.
  • With more open source being consumed than ever before, attacks targeting the software supply chain have increased as well, both in frequency and complexity.
  • Know what open source your open source is using - transitive dependencies account for 6 out of every 7 vulnerabilities affecting open source projects.
  • “This year’s State of the Software Supply Chain report demonstrates how open source and software development is ever-evolving, and the imperative need to evolve with it,” Fox added.