SSDF

JFrog and Carahsoft Partner to Better Secure the Public Sector’s Software Supply Chain

Retrieved on: Tuesday, February 20, 2024

JFrog Ltd. (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, and Carahsoft Technology Corp., the Trusted Government IT Solutions Provider®, today announced a partnership that empowers U.S. Government organizations to safeguard their software supply chains with automated DevSecOps workflows to secure software services consumed by citizens.

Key Points: 
  • View the full release here: https://www.businesswire.com/news/home/20240220801804/en/
    New partnership empowers U.S. Government organizations to safeguard their software supply chains with automated DevSecOps workflows to secure software services consumed by citizens.
  • Gartner predicts that 45 percent of organizations worldwide will experience a software supply chain attack by 2025 (a three-fold increase from 2021).
  • “JFrog’s platform provides agencies with unparalleled security, agility and peace of mind for their software supply chain.

Network Resilience Coalition Offers Recommendations for Improving Network Infrastructure Security in New White Paper

Retrieved on: Tuesday, January 23, 2024

A new white paper released today from the Network Resilience Coalition, an alliance composed of technology providers, security experts, and network operators, offers recommendations on how vendors and users of networking products can collaborate to improve the overall security of networks.

Key Points: 
  • The white paper, “Protecting Network Resiliency,” was developed after months of collaboration between industry and security experts through the Network Resilience Coalition, which launched in the summer of 2023 to improve the security, safety, and resilience of the hardware and software that make up our networks.
  • According to the paper, the long-term benefits, such as preventing disruptive incidents and enhancing overall network resilience, outweigh the upfront costs of implementing these best practices.
  • “Network resilience is vital for the security of critical network infrastructure on which our economy relies,” said Ari Schwartz, coordinator of the Center for Cybersecurity Policy & Law, a leading cyber-policy focused non-profit that formed the Network Resilience Coalition.

Anchore Reports Strong Success in Federal and Enterprise Markets, Team Growth

Retrieved on: Tuesday, November 14, 2023

SANTA BARBARA, Calif., Nov. 14, 2023 /PRNewswire/ -- Anchore, Inc., the leading experts in software supply chain security and federal compliance, today announced strong growth and continued business momentum heading into 2024.

Key Points: 
  • "Despite the broader economic hurdles, we're ecstatic to see continued growth in demand for Anchore's security solutions," remarked Saïd Ziouani, Anchore CEO.
  • In preparation for continued growth and advancement in 2024, Anchore added two new industry leaders to its advisory team.
  • As the company continues to advance and expand, Anchore has added two enterprise software industry veterans to its management team.
  • Anchore Enterprise 5.0 now includes integrations with ServiceNow and Harness which complement its support for existing platforms such as GitLab, GitHub, and Jenkins.

New Report Shows Disconnect Between Developers and Security Teams on Software Supply Chain Security Priorities and Responsibilities

Retrieved on: Wednesday, November 8, 2023

KIRKLAND, Wash., Nov. 8, 2023 /PRNewswire/ -- Chainguard, the leading software supply chain security company, today released the results of its inaugural report on the perspectives of CISOs and developers when it comes to tackling software supply chain security within their organization.

Key Points: 
  • The 2023 CISO & Developer Trends in Software Supply Chain Security Report, conducted by The Harris Poll, surveyed 520 security decision-makers (n=268) and developers (n=252) on how the different roles view overall responsibilities and expectations for software supply chain security, the importance of software supply chain security, and the pain points and successes in each team's approach to software supply chain security.
  • Despite disagreements on how each team views the other's security prowess or understanding of tooling, software supply chain security is a top priority for developers and security teams alike.
  • According to the report, in alignment with the importance already placed on software supply chain security by developers and CISOs, most say that their organizations already have some tools in place to address software supply chain security.
  • In addition to the existing adoption of software supply chain security tooling and frameworks, CISOs and developers expect changes to come in the next five years for software supply chain security at their organizations.

FreeBSD Foundation Announces SSDF Attestation

Retrieved on: Friday, November 3, 2023

BOULDER, Colo. and SAN JOSE, Calif., Nov. 03, 2023 (GLOBE NEWSWIRE) -- The FreeBSD Foundation, the public charity dedicated to advancing the open source FreeBSD operating system and supporting its community, today announced a new service to aid commercial users of FreeBSD with the National Institutes of Standards and Technology (NIST) Secure Software Development Framework (SSDF).

Key Points: 
  • “With governments around the world recognizing the ubiquity of open source, the importance of open source to innovate, and the need for security by design and default, the FreeBSD Foundation is proud to provide SSDF Attestation to our commercial partners,” said Ed Maste, Senior Director of Technology with the FreeBSD Foundation.
  • To ensure access to commercial users of all sizes, the FreeBSD SSDF Attestation report is available to all FreeBSD Foundation partners regardless of donation level: Silver, Gold, or Platinum.
  • "As a startup, the SSDF Attestation report from FreeBSD Foundation is a welcome help and important enabler to our Federal Government growth strategy."

Fortress Information Security Bolsters Software Attestation Capabilities Ahead of Expected 2024 Deadline for Federal Agencies

Retrieved on: Monday, October 23, 2023

ORLANDO, Fla., Oct. 23, 2023 /PRNewswire/ -- Today, Fortress Information Security released new software attestation capabilities to enable government agencies and government contractors to meet stringent software security mandates expected in early 2024. With improved capabilities for Software Supply Chain Security (SSCS), Fortress' newest offering helps public sector supply chains become more secure and resilient.

Key Points: 
  • New federal mandates require all federal vendors and contractors to complete an attestation form for software products they sell to federal agencies.
  • Attestations assure that software used by government agencies is securely developed according to the National Institute of Science and Technology's (NIST) Secure Software Development Framework (SSDF).

Tidelift Introduces Advanced Open Source Intelligence Capabilities To Improve Software Supply Chain Security in Partnership with Maintainers

Retrieved on: Wednesday, October 11, 2023

This allows organizations to make more informed decisions about open source and reduce related risk, while having assurances that the software they depend on will be there in the future.”

Key Points: 
  • This allows organizations to make more informed decisions about open source and reduce related risk, while having assurances that the software they depend on will be there in the future.”
    New open source software intelligence capabilities, including API access
    Tidelift’s open source package intelligence data is researched and validated by Tidelift and its paid maintainer partners and available via the Tidelift Subscription.
  • Organizations can save time by letting Tidelift do the work to collect open source intelligence data at scale, across millions of open source packages.
  • Learn more about the kinds of open source software intelligence data available via the Tidelift Subscription.
  • "Solutions like the Tidelift open source data intelligence capabilities can be ideal for organizations seeking human-validated data on the secure software development practices used in open source projects," said Jim Mercer, research vice president of DevOps and DevSecOps at IDC.

SolarWinds Commemorates Cybersecurity Awareness Month by Highlighting Software Industry’s Secure by Design Progress

Retrieved on: Monday, October 9, 2023

SolarWinds (NYSE:SWI), a leading provider of simple, powerful, secure observability and IT management software, commemorates Cybersecurity Awareness Month by highlighting the software industry’s progress toward becoming more Secure By Design.

Key Points: 
  • Informed by years of experience from industry-leading cybersecurity experts, the SolarWinds Secure by Design initiative is a gold-plated cybersecurity approach to software build systems and processes that set a new standard in software supply chain security.
  • SolarWinds developed Secure By Design to address the evolving threat of highly sophisticated and unforeseeable cyberattacks, including those by advanced nation-state threat actors.
  • With a focus on creating more secure environments, the SolarWinds Secure By Design guiding principles were designed to make both the company and the software industry at large safer.

Legit Security Expands Platform Capabilities for Application Security Posture Management

Retrieved on: Tuesday, August 22, 2023

PALO ALTO, Calif., Aug. 22, 2023 /PRNewswire/ -- Legit Security, a cyber security company with an enterprise Application Security Posture Management (ASPM) platform for secure application delivery and software supply chain security, today announces expanded capabilities to provide comprehensive visibility into an application's security posture including deep contextual insights and automated detection-to-remediation workflows so enterprises can release software fast while protecting against evolving threats.

Key Points: 
  • Legit Security's ASPM platform provides a unified solution to address these challenges by consolidating visibility and risk management across multiple development and security tools, allowing for streamlined management, scalability and efficiency.
  • Legit Security gives us a single place to orchestrate all application security issues from code to cloud, event management, misconfigurations, known vulnerabilities, and code quality issues, end-to-end in a single platform."
  • Legit Security extends upon its enterprise ASPM platform with several new and innovative capabilities announced today:
    Custom security controls that provide a powerful and convenient way to create, manage and enforce automated application security guardrails for code scanning, CI/CD pipeline security and more.

SolarWinds Next-Generation Build System Wins CSO50 Award for IT Infrastructure Monitoring and Management

Retrieved on: Wednesday, August 2, 2023

SolarWinds (NYSE:SWI), a leading provider of simple, powerful, secure observability and IT management software, announced its Next-Generation Build System received a CSO50 Award for IT Infrastructure Monitoring and Management.

Key Points: 
  • The Next-Generation Build System, a key component of the SolarWinds Secure by Design initiative, is a new secure software framework leveraging a unique parallel-build process where software is developed in multiple secure, duplicate, and ephemeral environments.
  • SolarWinds has taken a leadership role in calling for increased information sharing across the industry and more robust public-private partnerships to combat increasingly sophisticated nation-state cyberattacks.
  • To support collaboration among the public and private sectors, SolarWinds recently hosted a panel discussion in Washington, D.C., highlighting several key ways to help the industry stay secure.