5/4/23: May the 4th Edition!
May the force (fourth) be with you to protect your software supply chains! Here are this week's highlights:
Open-source software needs more security
According to a new report by Tidelift, 52% of open-source maintainers are unaware of major open-source security standards. 77% of maintainers say they would like to be paid for their work, and they are pushing back on the expectation that they take on greater responsibility for security when they are not given the resources to do so.
US Government initiative seeks enhanced software supply chain
The U.S. Department of Homeland Security (Science & Technology Directorate) awarded grants to AppCensus, Chainguard, Deepbits Technology, Manifest, Scribe (E2E Software Supply Chain Security), TestifySec, and Veramine Inc. The cohort will develop a multi-format SBOM translator and a software component identifier translator, both to be delivered as open-source libraries.
Global cyber attacks on the rise
Check Point Software's new report found that global cyber attacks rose in Q1 2023 compared to the same period last year, with each organization facing an average of 1,248 attacks per week.
The untold story of SolarWinds
It became clear that although the attackers had infected thousands of servers, they had dug deep into only a tiny subset of those networks—about 100. The main goal appeared to be espionage.
SBOMs and memory safety
As SBOMs give first the government, then the industry at large, a standard way to inspect what is inside a software package, the market will be able to move much faster to find and weed out critical software vulnerabilities.
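To make the two SBOM items above concrete (the multi-format translator the DHS cohort is funded to build, and SBOMs as a standard way to inspect a package), here is an added example that is not code from this newsletter or from any of the grant recipients. It normalizes a CycloneDX JSON SBOM and an SPDX JSON SBOM to the same component list, then checks that list against an advisory table keyed by package URL (purl). The two SBOM documents and the advisory table are constructed for the example; the one advisory entry (log4j-core below 2.15.0, CVE-2021-44228) is a real one chosen for illustration, and the version comparison is a simplified numeric one that does not handle pre-release suffixes.

```python
"""Normalize CycloneDX and SPDX JSON SBOMs to one component list and check it
against advisories. Added example, not the newsletter's or the grantees' code;
the SBOMs and the advisory table are constructed inline."""
import json
import re

# Constructed CycloneDX 1.4 JSON SBOM with only the fields this example reads.
CYCLONEDX_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
    ],
})

# Constructed SPDX 2.3 JSON SBOM describing the same two packages.
SPDX_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "packages": [
        {"name": "log4j-core", "versionInfo": "2.14.1",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"}]},
        {"name": "requests", "versionInfo": "2.31.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/requests@2.31.0"}]},
    ],
})

# Constructed advisory table: versionless purl -> [(advisory id, first fixed version)].
ADVISORIES = {
    "pkg:maven/org.apache.logging.log4j/log4j-core": [
        ("CVE-2021-44228", "2.15.0"),
    ],
}


def version_key(version):
    """Turn '2.14.1' into (2, 14, 1) for ordering; non-numeric parts count as 0.
    Simplified on purpose: pre-release tags such as '-rc1' are ignored."""
    key = []
    for part in version.split("."):
        m = re.match(r"\d+", part)
        key.append(int(m.group(0)) if m else 0)
    return tuple(key)


def purl_base(purl):
    """Drop the '@version' (and anything after it) from a purl."""
    return purl.split("@", 1)[0]


def parse_sbom(text):
    """Normalize a CycloneDX or SPDX JSON document to a sorted list of
    {"name", "version", "purl"} dicts so both formats compare equal."""
    doc = json.loads(text)
    components = []
    if doc.get("bomFormat") == "CycloneDX":
        for c in doc.get("components", []):
            components.append({"name": c["name"], "version": c.get("version", ""),
                               "purl": c.get("purl", "")})
    elif str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        for p in doc.get("packages", []):
            purl = ""
            for ref in p.get("externalRefs", []):
                if ref.get("referenceType") == "purl":
                    purl = ref["referenceLocator"]
                    break
            components.append({"name": p["name"], "version": p.get("versionInfo", ""),
                               "purl": purl})
    else:
        raise ValueError("unrecognized SBOM format")
    return sorted(components, key=lambda c: (c["purl"], c["name"], c["version"]))


def find_vulnerable(components, advisories=ADVISORIES):
    """Return (purl, advisory id) pairs for components older than the fixed version."""
    findings = []
    for c in components:
        for adv_id, fixed in advisories.get(purl_base(c["purl"]), []):
            if c["version"] and version_key(c["version"]) < version_key(fixed):
                findings.append((c["purl"], adv_id))
    return findings


if __name__ == "__main__":
    for label, sbom in (("CycloneDX", CYCLONEDX_SBOM), ("SPDX", SPDX_SBOM)):
        comps = parse_sbom(sbom)
        print(label, "->", [c["purl"] for c in comps])
        print("  findings:", find_vulnerable(comps))
```

Both documents normalize to the same list, so the advisory check returns the same finding whichever format the supplier shipped; that is the property a format translator has to preserve, and the purl is the identifier that makes the match possible in either format.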
Subscribe for more weekly security highlights!
Platform maker, dream awaker | CNCF Ambassador | Google Developer Expert | Grafana Champion | Co-host of Plattformpodden | Platform Engineer in Norwegian Government | Open Source Maintainer
1 year: "These are not the artifacts you are looking for"