Security Boulevard

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny at deployment
By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as secure as it needs to be.
Obviously, one change for the better would be if software developers and security analysts paid much closer attention to the new and updated coding packages being assembled and deployed on the fly, in pursuit of digital agility.