Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks
Historically, it's a big national security concern, as it should be, whether other governments might be poison-pilling some of our software and supply chains.
CW. Well, certainly one place to start with as a software provider is understanding that the security of your software is only as good as the security of your entire environment that's used to build and maintain that software.
That includes the security of your developers' desktops and how they authenticate, how they're maintained and patched, that kind of thing, all the way on to the computers that actually compile the code and package that code up for distribution.
The security of all those things around the software that build it is equally as important to that software security as the code in the software itself.
There are a million things that often end up with looser security for software engineers compared to the rest of the organization, not tighter.
You're trying to look at the whole picture of how seriously they take security, and how far are they along in providing all of the latest and best practices.
News URL
https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-supply-chain-attacks/