It is not uncommon for open source licenses to change. When licenses change, users often need to re-evaluate compliance risks. Take Redis as an example. Redis is a popular key-value store whose open source license has undergone changes from BSD to SSPL and then to AGPL, which has caused widespread...
Tag: supply chain security
The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions
On September 17 and 18, a series of devastating explosions rocked Lebanon, killing 37 people and injuring nearly 3,000, according to the Lebanese Minister of Public Health. Initial investigations suggest the blasts were not accidents but the result of a sophisticated operation that compromised communication devices through their supply chain. Understanding...
AI Supply Chain Security: Hugging Face Malicious ML Models
Introduction to Hugging Face Malicious ML Models. Background: A recent report by JFrog researchers found that some machine learning models hosted on Hugging Face can be used to attack the environment that loads them. These malicious models execute code at load time, giving the attacker the ability to gain full...
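The "code execution when loaded" in the summary above comes from the serialization format: models shipped as Python pickle files (PyTorch's torch.save wraps pickle) run whatever callable a __reduce__ method names during pickle.load. The following is an added example, not code from the JFrog report or from this post, showing how to inspect such a file statically with the standard-library pickletools module before ever loading it. The allow-list of permitted globals, the BackdooredWeights class and the sample files are constructed for this example.

```python
import collections
import io
import pickle
import pickletools

# Opcodes that make pickle.load() import a name (IMPORT_OPS) or call an object
# (CALL_OPS). Either family combined with the other is enough for arbitrary
# code execution, so both are reported.
IMPORT_OPS = {"GLOBAL", "STACK_GLOBAL"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

# Names a plain tensor checkpoint legitimately imports. This allow-list is an
# assumption made for the example; a real scanner would derive it from the
# framework it expects to load.
ALLOWED_GLOBALS = {
    "collections.OrderedDict",
    "torch._utils._rebuild_tensor_v2",
    "torch.FloatStorage",
}


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream with pickletools.genops: nothing is imported,
    built or called, so a malicious file is inspected without being detonated."""
    imports = []
    calls = 0
    recent_strings = []
    for opcode, arg, _pos in pickletools.genops(io.BytesIO(data)):
        name = opcode.name
        if name in STRING_OPS:
            recent_strings.append(arg)
        elif name == "GLOBAL":
            # Protocols 0-3: the argument is "module name" on one line.
            module, attr = arg.split(" ", 1)
            imports.append(f"{module}.{attr}")
        elif name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two string constants pushed
            # just before this opcode (sufficient for pickle.dumps output).
            if len(recent_strings) >= 2:
                imports.append(f"{recent_strings[-2]}.{recent_strings[-1]}")
        elif name in CALL_OPS:
            calls += 1
    suspicious = [g for g in imports if g not in ALLOWED_GLOBALS]
    return {
        "imports": imports,
        "calls": calls,
        "suspicious": suspicious,
        # Only a file whose every import is on the allow-list should reach pickle.load().
        "safe_to_load": not suspicious,
    }


class BackdooredWeights:
    """Constructed stand-in for a backdoored model object: __reduce__ tells
    pickle to call eval(...) when the file is loaded. The payload is harmless
    (it only reads the process id) so the sample is safe even if it runs."""

    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))


def build_samples() -> dict:
    """Constructed sample files: a benign state dict and two malicious pickles
    (protocol 2 emits GLOBAL, protocol 4 emits STACK_GLOBAL)."""
    benign = pickle.dumps(collections.OrderedDict(weight=[0.1, 0.2], bias=[0.0]), protocol=4)
    # fix_imports=False keeps the module name 'builtins' in the protocol-2 stream.
    malicious_p2 = pickle.dumps(BackdooredWeights(), protocol=2, fix_imports=False)
    malicious_p4 = pickle.dumps(BackdooredWeights(), protocol=4)
    return {"benign": benign, "malicious_p2": malicious_p2, "malicious_p4": malicious_p4}


if __name__ == "__main__":
    for label, blob in build_samples().items():
        report = scan_pickle(blob)
        print(f"{label}: imports={report['imports']} calls={report['calls']} "
              f"safe_to_load={report['safe_to_load']}")
```

The point of the design is that genops never executes anything: the benign state dict imports only collections.OrderedDict and is cleared, while both malicious samples import builtins.eval and are refused before pickle.load is ever reached. A production check would also unpack the zip container that torch.save produces and scan every .pkl member inside it.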
Software Supply Chain Security Solution – Supply Chain Security Control
Establishing a Software Supply Chain Asset Register: An organization's products and services are diverse and complex. By establishing a software supply chain asset register, you gain a clear view of the supply chain relationships within your organization. The organization needs to create a comprehensive inventory of suppliers, software, tools,...
An Insight into RSA 2023: 5 Open Source Security Tools All Developers Should Know About
When developing code, developers worry about whether there are security problems in their code, in its dependencies, and in the images their projects are packaged into. At RSAC 2023 this year, David Melamed and Luke O'Malley recommended five open source security tools in their talk "5 Open Source Security Tools All...
Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 2)
Continued from the previous post, Software Supply Chain Security Solution - Supply Chain Security Supervision (Part 1). II. Open-source Software Risk Monitoring: Driven by the open source community and its continuous development, open source software is widely used in practical engineering projects, and its volume keeps growing...