Cloud Native Security, Container Security & Serverless Security Mon, 15 Jul 2024 09:36:57 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 https://www.aquasec.com/blog/lasting-legacy-of-log4j-lessons-for-runtime-security/ Wed, 13 Dec 2023 12:02:20 +0000 https://www.aquasec.com/?p=14178 Another December is upon us, stores are full of shoppers, lights are illuminating cities, towns and cul-de-sacs as radio stations bombard listeners with the continuous rotation of holiday music. Yet amongst all this merriment sits the IT security professional behind their screen completing their end of year tasks. Their eyes slowly twitch, and they fill …]]> https://www.aquasec.com/blog/combating-unknown-unknowns-in-hybrid-it-environments/ Wed, 08 Nov 2023 18:12:01 +0000 https://www.aquasec.com/?p=17498 https://www.aquasec.com/blog/zero-day-attack-prevention-through-supply-chain-security/ Thu, 02 Mar 2023 14:46:13 +0000 https://www.aquasec.com/?p=14460 Supply chain security has made lots of headlines recently thanks to events like the SolarWinds breach. That and similar events highlight the importance of having a strategy in place to respond to zero-day attacks which can take advantage of vulnerable software components. I recently organized a webinar with and Teresa Pepper, our EMEA Partner Manager. …]]> https://www.aquasec.com/blog/software-compositio-analysis-vs-supply-chain-security/ Thu, 09 Feb 2023 15:15:08 +0000 https://www.aquasec.com/?p=14463 As reliance on software increases in both personal and professional contexts, security of the software supply chain has become a critical concern. Ensuring the security and quality of software is essential for protecting against digital attacks, data breaches, and other cyber threats. Two practices that play a key role in ensuring software security are software …]]> https://www.aquasec.com/blog/summary-compliance-guide-to-ssdf/ Tue, 24 Jan 2023 11:00:00 +0000 https://www.aquasec.com/?p=14490 NIST has recently researched, defined, and released an entirely new standard for incorporating security into the software development lifecycle called The Secure Software Development Framework.  It was uniquely designed to help address the tremendous gaps in software supply chain security that expose organizations to methodical attacks on an organization’s code, infrastructure, development toolchain, and dependencies. …]]> https://www.aquasec.com/blog/slsa-or-cis-software-supply-chain-security-guidelines/ Thu, 12 Jan 2023 13:43:14 +0000 https://www.aquasec.com/?p=14492 With recent software supply chain attacks on the rise, CISOs being held personally liable, and the United States government requiring minimum security software standards for any products and services they procure, the development industry is refocusing on software development strategies that make security a priority. But with so many reputable sources creating guidance, which is …]]> https://www.aquasec.com/blog/supply-chain-security-shifting-left-to-the-golden-pipeline/ Wed, 11 Jan 2023 11:00:00 +0000 https://www.aquasec.com/?p=14493 According to an article in Security Magazine, 98% of organizations have been negatively impacted by a cybersecurity breach in their supply chain. Aqua’s 2021 Software Supply Chain Security Review notes that “attackers focused heavily on open source vulnerabilities and poisoning, code integrity issues, exploiting the software supply chain process and supplier trust to distribute malware …]]> https://www.aquasec.com/blog/trivy-software-supply-chain-security/ Thu, 22 Sep 2022 15:44:36 +0000 https://www.aquasec.com/?p=14615 Application security teams are challenged today with the need for a centralized view of exposure to security issues like Log4j and Spring4Shell. But an exploding set of artifacts and security tools makes it prohibitively difficult to secure the development life cycle. A universal scanner drastically reduces this management overhead and gets you started quickly. We …]]> https://www.aquasec.com/blog/gartner-report-sbom-security/ Mon, 02 May 2022 09:30:00 +0000 https://www.aquasec.com/?p=14814 In its recent Innovation Insight for SBOMs report,* Gartner highlights the benefits of using software bills of materials (SBOMs) to secure modern, fast-paced DevOps pipelines. SBOMs shed light on blind spots in the software supply chain by enumerating all proprietary and open source components and enable the effective mitigation of risks. Without this visibility, organizations’ …]]> https://www.aquasec.com/blog/software-supply-chain-attacks-2021/ Tue, 25 Jan 2022 15:20:59 +0000 https://www.aquasec.com/?p=14986 As CI/CD pipelines have become an increasingly popular attack vector, 2021 saw a huge rise in software supply chain attacks. With their number more than tripling in the past year, securing the software delivery process is one of the most urgent needs. In our latest study, we examine the top supply chain security threats that …]]>