Have we learnt nothing from SolarWinds supply chain attacks? Not yet it appears
The hack of SolarWinds' software more than two years ago pushed the threat of software supply chain attacks to the front of security conversations, but is anything being done?
More recently, attackers have targeted code repositories like GitHub and PyPI and companies like CI/CD platform provider CircleCI, an incident that expanded the definition of a supply chain attack, according to Matt Rose, field CISO for cybersecurity vendor ReversingLabs.
In the same spirit, supply chain security vendor Chainguard is heading up a group that includes HPE, VMware, and The Linux Foundation to jumpstart the adoption of the Visibility Exploitability eXchange, a tool for addressing vulnerabilities in enterprise software.
For its part, cybersecurity vendor Checkmarx is building onto the supply chain security offering it released in March 2022 with a threat intelligence tool that focuses on the supply chain.
CISA reportedly is creating an office to address supply chain security and work with the public and private sectors to put federal policies in place.
Varun Badhwar, co-founder and CEO at supply chain security vendor Endor Labs, applauded CISA's decision to create the office, telling The Register that establishing "a new capability at such a high level stands out as a milestone."
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/05/supply_chain_security_efforts/
Related news
- Israel’s Pager Attacks and Supply Chain Vulnerabilities
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
- SolarWinds Web Help Desk flaw is now exploited in attacks
- SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures
- LottieFiles hit in npm supply chain attack targeting users' crypto
- LottieFiles hacked in supply chain attack to steal users’ crypto
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer