7 top software supply chain security tools

nikholas

As the fallout from the Apache Log4j vulnerabilities earlier this year shows, the biggest risks in enterprise software today do not necessarily lie in insecure code written directly by in-house software development teams. The flaws in the components, libraries and other open-source code that make up the bulk of today's software code bases are the underwater part of the insecurity iceberg.

The truth is that so much of the enterprise software and custom applications produced by DevOps teams and software engineering groups is not actually coded by their developers. Modern software today is modular. Developers use what is called a microservices


Data Theorem Supply Chain Secure identifies third-party vulnerabilities across the application software stack

nikholas

Data Theorem launched Supply Chain Secure, an attack surface management (ASM) product to address software supply chain security threats across the full application stack of APIs, cloud services, SDKs, and open source software.


Data Theorem uniquely identifies third-party vulnerabilities across the application software stack with runtime analysis and dynamic inventory discovery that goes beyond traditional source code static analysis approaches and processing of software bills of materials (SBOMs).

High-profile security breaches such as SolarWinds, Kaseya, and Apache Log4j demonstrated the widespread damage that can occur for enterprise supply chains if third-party APIs, cloud services, SDKs, and open-source software have security flaws,
