Security News > 2023 > February > Have we learnt nothing from SolarWinds supply chain attacks? Not yet it appears

The hack of SolarWinds' software more than two years ago pushed the threat of software supply chain attacks to the front of security conversations, but is anything being done?
More recently, attackers have targeted code repositories like GitHub and PyPI and companies like CI/CD platform provider CircleCI, an incident that expanded the definition of a supply chain attack, according to Matt Rose, field CISO for cybersecurity vendor ReversingLabs.
In the same spirit, supply chain security vendor Chainguard is heading up a group that includes HPE, VMware, and The Linux Foundation to jumpstart the adoption of the Visibility Exploitability eXchange, a tool for addressing vulnerabilities in enterprise software.
For its part, cybersecurity vendor Checkmarx is building onto the supply chain security offering it released in March 2022 with a threat intelligence tool to focuses on the supply chain.
CISA reportedly is creating an office to address supply chain security and work with the public and private sectors to put federal policies in place.
Varun Badhwar, co-founder and CEO at supply chain security vendor Endor Labs, applauded CISA's decision to create the office, telling The Register that establishing "a new capability at such a high level stands out as a milestone."
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/05/supply_chain_security_efforts/
Related news
- North Korea targets crypto developers via NPM supply chain attack (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- GitHub Action hack likely led to another in cascading supply chain attack (source)
- GitHub Action supply chain attack exposed secrets in 218 repos (source)
- Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)