
Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 2)

May 25, 2023

Continued from the previous post: Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 1)

II. Open-source Software Risk Monitoring

Driven by the open-source community and the continuing growth of open source, open-source software is widely used in real engineering projects, and its use is growing rapidly. The number of open […]

Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 1)

May 25, 2023

NSFOCUS Security Labs is keeping an eye out for the trends in supply chain security and is pleased to share observations and thoughts with our blog readers. You will see the links for more posts we published about software supply chain security at the end of the article. In the next several posts, we are going to […]

Key Technologies for Software Supply Chain Security – Data Security Technology

May 15, 2023

According to Gartner’s supply chain security risk report in 2021 [1], breaches of confidential or sensitive information are another major contributor to software supply chain risk. Attackers steal hard-coded credentials from source code, build logs, and infrastructure, such as API keys, encryption keys, tokens, and passwords, or locate vulnerabilities in a leaked software bill of […]
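The leak the post describes, credentials hard-coded in source files and echoed into build logs, is something a simple scanner can catch before the code leaves the repository. The following is an added example and not code from the post or from NSFOCUS: it combines two detectors, fixed-format patterns for keys with a recognizable prefix and a generic check for a secret-looking variable assigned a high-entropy quoted string, and runs them over a constructed sample. The key-format regexes, the placeholder list and the entropy threshold are assumptions to tune per code base, not an authoritative catalogue.

```python
"""Hard-coded credential scanner for source files and build logs.

Added example (not NSFOCUS code). Detects the secret types the post names:
API keys, tokens, passwords and private keys. Two detectors are used:
fixed-format patterns for key shapes with a recognizable prefix, and a
generic check for a secret-looking variable assigned a high-entropy quoted
string. The patterns below are illustrative assumptions.
"""
import math
import re
from typing import List, Tuple

# Fixed-format secrets (assumed shapes: AWS access key IDs start with AKIA and
# are 20 characters; GitHub classic tokens are ghp_ followed by 36 characters).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github_token": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic: <name mentioning secret/password/token/api key> = "<8+ char value>"
ASSIGNMENT = re.compile(
    r"(?i)\b([A-Z0-9_.]*(?:secret|password|passwd|token|api_?key)[A-Z0-9_.]*)"
    r"\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
)

ENTROPY_THRESHOLD = 3.5  # bits per character; hand-tuned assumption
PLACEHOLDERS = ("changeme", "password", "example", "xxxxxxxx", "todo", "dummy")


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character: random keys score high, words score low."""
    if not value:
        return 0.0
    n = len(value)
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_placeholder(value: str) -> bool:
    """Skip obvious dummies and templated values such as ${VAR} or <fill-in>."""
    low = value.lower()
    return any(p in low for p in PLACEHOLDERS) or low.startswith("${") or low.startswith("<")


def redact(secret: str) -> str:
    """Keep a short prefix so the finding is triageable without re-leaking the value."""
    return secret[:4] + "*" * (len(secret) - 4) if len(secret) > 4 else "****"


def scan_text(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, detector, redacted match) for every hit in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((lineno, kind, redact(match.group(0))))
        for match in ASSIGNMENT.finditer(line):
            name, value = match.group(1), match.group(2)
            if is_placeholder(value) or shannon_entropy(value) < ENTROPY_THRESHOLD:
                continue  # a placeholder or a plain word, not a key
            findings.append((lineno, "high_entropy_assignment:" + name, redact(value)))
    return findings


# Constructed sample mixing a settings file and a build-log line. The AWS key
# is the well-known documentation example key; the other values are made up.
SAMPLE = """\
# settings.py
DEBUG = True
DATABASE_PASSWORD = "changeme"
STRIPE_API_KEY = "sk_test_Zq8vL2pXw9tRk4mN7bYc3dHf"
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
# build log
[INFO] fetching with token ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for lineno, kind, snippet in scan_text(SAMPLE):
        print(f"line {lineno}: {kind}: {snippet}")
```

Running it on the sample reports the Stripe-style assignment, the AWS key, the GitHub token in the log line and the private-key header, and stays silent on the `changeme` placeholder. In a pipeline this would run as a pre-commit hook and again over CI logs, because secrets that never reach the repository still get printed by verbose build steps.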

Key Technologies for Software Supply Chain Security—Detection Technique (Part 4)—Interactive Application Security Testing (IAST) and Fuzzing (Fuzz Testing)

April 17, 2023

Interactive Application Security Testing (IAST)

IAST is a relatively new application security testing technique that has become popular in recent years and that Gartner lists among the top 10 technologies in the cybersecurity field. IAST continuously monitors and collects the traffic and code executed inside the application while it is running, and transfers […]

Key Technologies for Software Supply Chain Security – Detection Technique (Part 3) – Dynamic Application Security Testing (DAST)

April 10, 2023

In real attack scenarios the source code is usually unavailable, so attackers cannot rely on white-box analysis to find software vulnerabilities; they mostly run black-box scans against running systems or services, looking for weaknesses to attack. DAST simulates this outside-in attack on systems or services at runtime to detect possible […]

Key Technologies for Software Supply Chain Security – Detection Techniques (Part 2) – Static Application Security Testing (SAST)

April 4, 2023

NSFOCUS Security Labs is keeping an eye out for the trends in supply chain security and is pleased to share observations and thoughts with our blog readers. You will see the links for more posts we published about software supply chain security at the end of the article. From the perspective of the software life cycle, the […]

Key Technologies for Software Supply Chain Security – Detection Techniques (Part 1) – Software Composition Analysis

March 6, 2023

Software supply chain security detection techniques must cover the software delivery life cycle, including design, building, testing, and operation. There are five main types of security detection technique: software composition analysis (SCA), static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), and fuzz testing. Each of these […]

Key Technologies for Software Supply Chain Security—Techniques for Generating and Using the List of Software Compositions (Part 2)

February 17, 2023

Key Technologies for Software Supply Chain Security—Techniques for Generating and Using the List of Software Compositions (Part 1)

Analysis Tools for the List of Software Compositions

According to the classification by the Linux Foundation [1], SBOM tools are grouped into three categories, namely to produce, consume and transform. Each category has three functions. For the producing […]

Key Technologies for Software Supply Chain Security—Techniques for Generating and Using the List of Software Compositions (Part 1)

February 13, 2023

The list of software compositions and the software bill of materials (SBOM) differ only in how fine-grained the “minimum elements” of the software must be; there is no substantial difference in technical approach or implementation steps. Because SBOM generation tools and techniques are relatively mature, this document focuses on the key SBOM techniques and […]
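Part 2 above groups SBOM tools into producers, consumers and transformers, and Part 1 turns on how fine-grained the “minimum elements” of a component must be. The script below is an added example, not code from either post or from any of the tools they survey. It does the consumer and transformer half on a small CycloneDX 1.4 JSON document constructed inline: it checks that every component carries the identifying fields a consumer needs (name, version, package URL), verifies that the dependency graph only references declared components, walks the graph transitively, and flattens the result into an inventory. The package names and versions are illustrative and not tied to any advisory; the choice of name, version and purl as the required fields is an assumption in the spirit of the minimum-elements discussion.

```python
"""Consume and transform a CycloneDX SBOM.

Added example, not NSFOCUS code. Parses a constructed CycloneDX 1.4 JSON
document, checks component completeness, validates dependency references,
computes transitive dependencies and emits a flat inventory.
"""
import json
from typing import Dict, List, Set

SAMPLE_SBOM = json.dumps({  # constructed sample
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {
        "timestamp": "2023-05-25T00:00:00Z",
        "component": {"type": "application", "name": "inventory-service",
                      "version": "1.0.0", "bom-ref": "app"},
    },
    "components": [
        {"type": "library", "name": "requests", "version": "2.28.2",
         "purl": "pkg:pypi/requests@2.28.2", "bom-ref": "requests"},
        {"type": "library", "name": "urllib3", "version": "1.26.15",
         "purl": "pkg:pypi/urllib3@1.26.15", "bom-ref": "urllib3"},
        # Deliberately incomplete: no version, no purl (a common producer gap)
        {"type": "library", "name": "certifi", "bom-ref": "certifi"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["requests"]},
        # "idna" is referenced here but never declared as a component
        {"ref": "requests", "dependsOn": ["urllib3", "certifi", "idna"]},
    ],
})

REQUIRED_FIELDS = ("name", "version", "purl")  # assumed minimum for a consumer


def load_sbom(text: str) -> dict:
    """Parse and sanity-check the document header."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX" or "components" not in doc:
        raise ValueError("not a CycloneDX SBOM")
    return doc


def declared_refs(doc: dict) -> Set[str]:
    """All bom-refs the document declares, including the root component."""
    refs = {c["bom-ref"] for c in doc["components"]}
    root = doc.get("metadata", {}).get("component", {}).get("bom-ref")
    if root:
        refs.add(root)
    return refs


def missing_minimum_elements(doc: dict) -> Dict[str, List[str]]:
    """bom-ref -> identifying fields absent from that component."""
    gaps = {}
    for comp in doc["components"]:
        absent = [f for f in REQUIRED_FIELDS if not comp.get(f)]
        if absent:
            gaps[comp["bom-ref"]] = absent
    return gaps


def dangling_refs(doc: dict) -> Set[str]:
    """Dependency edges that point at components the SBOM never declares."""
    known = declared_refs(doc)
    dangling = set()
    for edge in doc.get("dependencies", []):
        for ref in [edge["ref"], *edge.get("dependsOn", [])]:
            if ref not in known:
                dangling.add(ref)
    return dangling


def transitive_dependencies(doc: dict, root: str) -> Set[str]:
    """Everything reachable from root over dependsOn edges (cycle-safe)."""
    graph = {e["ref"]: e.get("dependsOn", []) for e in doc.get("dependencies", [])}
    seen: Set[str] = set()
    stack = [root]
    while stack:
        for dep in graph.get(stack.pop(), []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def flat_inventory(doc: dict) -> List[str]:
    """Transform: one entry per component, purl preferred, name@version otherwise."""
    return [comp.get("purl") or f"{comp['name']}@{comp.get('version', '<unknown>')}"
            for comp in doc["components"]]


if __name__ == "__main__":
    sbom = load_sbom(SAMPLE_SBOM)
    root = sbom["metadata"]["component"]["bom-ref"]
    print("inventory:", flat_inventory(sbom))
    print("transitive deps of", root, ":", sorted(transitive_dependencies(sbom, root)))
    print("incomplete components:", missing_minimum_elements(sbom))
    print("undeclared refs:", dangling_refs(sbom))
```

The two quality checks matter in practice: a component without a version or purl cannot be matched against vulnerability data at all, and a dependency edge to an undeclared ref means the producer saw a package it never inventoried, so the transitive closure understates what actually ships.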

Technical Framework of Software Supply Chain Security

January 31, 2023

NSFOCUS Security Labs is keeping an eye out for the trends in supply chain security and is pleased to share observations and thoughts with our blog readers. You will see the links for more posts we published about software supply chain security at the end of the article. In this post, we are going to […]

