Security News > 2023 > February > Have we learnt nothing from SolarWinds supply chain attacks? Not yet it appears
The hack of SolarWinds' software more than two years ago pushed the threat of software supply chain attacks to the front of security conversations, but is anything being done?
More recently, attackers have targeted code repositories like GitHub and PyPI and companies like CI/CD platform provider CircleCI, an incident that expanded the definition of a supply chain attack, according to Matt Rose, field CISO for cybersecurity vendor ReversingLabs.
In the same spirit, supply chain security vendor Chainguard is heading up a group that includes HPE, VMware, and The Linux Foundation to jumpstart the adoption of the Visibility Exploitability eXchange, a tool for addressing vulnerabilities in enterprise software.
For its part, cybersecurity vendor Checkmarx is building onto the supply chain security offering it released in March 2022 with a threat intelligence tool to focuses on the supply chain.
CISA reportedly is creating an office to address supply chain security and work with the public and private sectors to put federal policies in place.
Varun Badhwar, co-founder and CEO at supply chain security vendor Endor Labs, applauded CISA's decision to create the office, telling The Register that establishing "a new capability at such a high level stands out as a milestone."
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/05/supply_chain_security_efforts/
Related news
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor (source)
- New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (source)