Sonatype Finds 700% Average Increase in Open Source Supply Chain Attacks – Yahoo Finance

New Data Underscores Critical Need for Early Defense Against Malicious Code
Fulton, Md., Sept. 20, 2022 (GLOBE NEWSWIRE) — Sonatype, the pioneer of software supply chain management, has found a massive increase in cyberattacks aimed at open source project ecosystems. According to early data from Sonatype’s 8th annual State of the Software Supply Chain Report, which will be released in full this October, Sonatype has recorded an average 700% jump in repository attacks over the last three years.

To capitalize on weaknesses in upstream open source ecosystems, cybercriminals continue to target organizations through open source repositories. They contribute malware-infected software components that are distributed downstream and ingested by applications that businesses and consumers rely on. As of this publication date, Sonatype’s industry-leading repository Firewall has identified more than 55,000 newly published packages as malicious in open source repositories over the past year, and nearly 95,000 over the past three years. Firewall is part of the Sonatype Nexus platform, the world’s most complete software supply chain management solution. DevSecOps teams worldwide rely on the Nexus platform to automate policy enforcement, without slowing innovation.

Sonatype’s repository Firewall is the only solution that combines next-generation behavioral analysis and automated policy enforcement to continuously detect and block malicious packages, in addition to potentially vulnerable components. Using artificial intelligence, Firewall evaluates every newly-released open source software component—an average of over 600,000 newly-released components per month—and determines if it is a potential threat. Those that are “known bad” (such as a critically malicious typosquat) are automatically blocked from download. Components identified as “potential threats” are quarantined until they are then manually confirmed or cleared of vulnerabilities by Sonatype’s security research team. Code identified as safe is cleared for use. 

“Almost every modern business relies on open source. Clearly, the use of open source repositories as an entry point for malicious attacks shows no signs of slowing down–making the early detection of both known and unknown security vulnerabilities more important than ever,” said Brian Fox, co-founder and CTO of Sonatype. “Stopping malicious components before they come in the door is a fundamental element of risk prevention and should be a part of every conversation around protecting software supply chains.”

The scale of open source malware attacks is so great that it’d be humanly impossible to detect and prevent every single attack in real time. And even if a malicious component isn’t used in the final product, it doesn’t matter–allowing it to be downloaded on the developer’s machine is already too late. Firewall’s proprietary malicious component detection and blocking prevents dangerous components from ever entering into a software’s development life cycle, protecting developers from using harmful components and organizations from the ever-increasing cost of a cybersecurity breach.

“The volume, frequency, severity, and sophistication of malicious cyberattacks continue to increase. Organizations can’t–and shouldn’t–avoid the use of open source just to protect themselves,” Fox added. “But they can use preventative tools – such as the Sonatype Firewall – to keep developers on track and software supply chains secure.”

Sonatype is the software supply chain management company. We empower developers and security professionals with intelligent tools to innovate more securely at scale. Our platform addresses every element of an organization’s entire software development life cycle, including third-party open source code, first-party source code and containerized code. Sonatype identifies critical security vulnerabilities and code quality issues and reports results directly to developers when they can most effectively fix them. This helps organizations develop consistently high-quality, secure software which fully meets their business needs and those of their end-customers and partners. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers already rely on our tools and guidance to help them deliver and maintain exceptional and secure software.

Nvidia Corp. Chief Executive Jensen Huang on Wednesday said he thinks it's going to be "a pretty terrific Q4 for Ada," the company's next-generation chip architecture it unveiled this week, even as critics balk of a price hike during a softening in consumer demand.
Nvidia CEO Jensen Huang says that expecting twice the performance for similar cost is "a thing of the past" for the chip industry.
Mizuho Securities reduced its fundamental rating of Western Digital to "Neutral" from "Buy" earlier on Wednesday. In this daily bar chart of WDC, below, we can see how prices have weakened in the past twelve months. The On-Balance-Volume (OBV) line has been weak all year and just declining to a new low for the move down.
When looking for the best artificial intelligence stocks to buy, identify companies using AI technology to improve products or gain a strategic edge, such as Google, Microsoft and Nvidia.
iOS 16.0.2 is now available and will fix quite a few bugs affected the mobile platform.
Oracle (NYSE: ORCL) reported solid results in its first fiscal quarter. On a constant currency basis (without foreign currency effects), its cloud infrastructure revenue increased 58% year over year, and cloud application revenue jumped 48%. In addition to the impressive cloud business growth, Oracle's founder and chairman, Larry Ellison, delivered some shocking news.
The tech-heavy Nasdaq has been crushed this year. The Nasdaq Composite is down 27% and could be a fertile breeding ground for quality high-growth stocks selling at mouthwatering prices. Apple (NASDAQ: AAPL) is the largest holding in Warren Buffett's company, Berkshire Hathaway.
Pre-sales for the latest iPhone may seem strong, but its lower-tiered models are not selling as expected.
To help you identify investments that are most worthy of your hard-earned money, I offer my three highest-conviction ideas right now. All are outstanding businesses that are well-positioned to generate handsome returns for their shareowners in the coming years. Snowflake (NYSE: SNOW) helps businesses make better use of their data at a time when harvesting valuable insights from the cloud is becoming more important every day.
Yahoo Finance’s Daniel Howley joins the Live show to break down his review of Apple’s second-generation AirPods Pro.
Advanced Micro Devices (AMD) launches Ryzen and Athlon Processor to increase laptop battery life.
The lawsuit alleges that Meta bypassed Apple’s anti-tracking features
Tesla , the electric vehicle maker, has just announced a recall of nearly 1.1 million vehicles because the power windows may close too fast and could pinch a driver or passengers. "The window automatic reversal system may not react correctly after detecting an obstruction," the U.S. National Highway Traffic Safety Administration said in a filing dated Sept. 19. The solution at Tesla is simply a software update: "Tesla will perform an over-the-air software update of the automatic window reversal system, free of charge," the federal Agency said.
If your sticker shock from Nvidia’s reveal of astronomical prices for its new 4000-series graphics cards yesterday gave you disadvantage on perception checks, I bring bad news: It’s not likely to get any better, at least as far as Nvidia is concerned. It seems team green is sticking to those sky-high prices for its new cards and, based on comments from CEO Jensen Huang, we should expect such prices to be the new normal.
Computer Software industry participants like Synopsys (SNPS), Cadence Design Systems (CDNS) and DecisionPoint (DPSI) benefit from steady digital transformations and strong adoption of cloud computing.
The Norwegian browser company has already offered in-browser crypto wallet support to nine blockchains since its beta version in January.
Cybersecurity stocks have underperformed vs. the S&P 500. But cloud security companies may be better positioned as corporate budgets tighten.
Home fitness solutions provider Nautilus Inc (NYSE: NLS) has launched the Bowflex BXT8J treadmill with JRNY adaptive fitness app compatibility at select online and in-store retail partners. The treadmill is priced at $1,299 (MSRP) and is available at select retailers. The Bowflex BXT8J treadmill offers high-performance cardio combined with the ability to pair the user's device to the JRNY adaptive fitness app. The JRNY adaptive fitness membership provides access to Explore the World routes, JRNY
(Bloomberg) — US intelligence agents gained control of parts of China’s telecommunications network after hacking into a government-funded university, a prominent state-backed newspaper reported, issuing Beijing’s latest accusation of US cyber-intrusion.Most Read from BloombergJapan to Restore Visa-Free Travel From Oct. 11 as Covid Pandemic Recedes South Korea President Caught on Hot Mic Insulting US CongressUnless Rents Rise, Housing Is Set Up for an Epic CrashA Great Copper Squeeze Is Coming f
(Bloomberg) — Even as the Federal Reserve jacks up interest rates and sends technology stocks tumbling, it only gets harder to stay away from the sector. Most Read from BloombergJapan to Restore Visa-Free Travel From Oct. 11 as Covid Pandemic Recedes South Korea President Caught on Hot Mic Insulting US CongressA Great Copper Squeeze Is Coming for the Global EconomyPutin's Order for 300,000 Fighters Drives Russians to the Streets in ProtestUkraine Seizes Dozens of Russian Tanks Left by Fleeing F


Note that any programming tips and code writing requires some knowledge of computer programming. Please, be careful if you do not know what you are doing…

Post expires at 9:18am on Thursday March 23rd, 2023

Leave a Reply

Next Post

Crypto firm Wintermute hit by $160 million theft - CNN

Fri Sep 23 , 2022
Crypto firm Wintermute hit by $160 million theft  CNNsource— Note that any programming tips and code writing requires some knowledge of computer programming. Please, be careful if you do not know what you are doing… Post expires at 9:18am on Thursday March 23rd, 2023
%d bloggers like this: