Industry Macro Background and the Software Supply Chain Crisis: By 2026, the deepening of global digital transformation, coupled with the proliferation of Generative AI and large language models, is reshaping software development. The industry is shifting from being "efficiency-driven" to "governance-driven." The root cause lies in the loss of visibility...
Tag: software supply chain
Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 2)
Continued from the previous post: Software Supply Chain Security Solution - Supply Chain Security Supervision (Part 1). II. Open-source Software Risk Monitoring: Driven by the open source community and the continuous development of open source, open source software is widely used in practical engineering projects, and the number is growing...
Software Supply Chain Security Solution – Supply Chain Security Supervision (Part 1)
NSFOCUS Security Labs is keeping an eye out for the trends in supply chain security and is pleased to share observations and thoughts with our blog readers. You will see the links for more posts we published about software supply chain security at the end of the article. In the next several...
Key Technologies for Software Supply Chain Security – Data Security Technology
According to Gartner's supply chain security risk report in 2021[1], breaches of confidential or sensitive information constitute another major factor contributing to software supply chain risks. Hackers steal hard-coded credentials in source code, build logs, and infrastructure, such as API keys, encryption keys, tokens, and passwords, or locate vulnerabilities in...
Key Technologies for Software Supply Chain Security—Detection Technique (Part 4)—Interactive Application Security Testing (IAST) and Fuzzing (Fuzz Testing)
Interactive Application Security Testing (IAST): IAST is a new application security testing technique that has become popular in recent years and is recognized by Gartner as one of the top 10 technologies in the cybersecurity field. IAST works to constantly monitor and collect the traffic or code inside when the...
Key Technologies for Software Supply Chain Security – Detection Technique (Part 3) – Dynamic Application Security Testing (DAST)
In actual attack scenarios, when the source code is often unavailable, a white-box-based model is used to analyze software vulnerabilities. Hackers mostly conduct black-box scans against running systems or services, looking for possible vulnerabilities to attack. DAST simulates a hacker's attack using an outside-in detection technique on systems or services...
