Excellent piece on bloated software and the risks it poses. https://lnkd.in/ekGxceds
Edgar ter Danielyan’s Post
More Relevant Posts
-
Yesterday we made a big announcement regarding not only the technical capabilities of our platform, but also the expansion of the end users we are solving problems for. We have learned an incredible amount from our origin of supporting firmware and embedded operating systems, but realized the problems that exist in that space exist across all device types within an organization. Announcing support for Windows and containers is just the first step in addressing the true nature of the software supply chain security problem: the compiled code that exists in your environment. The lessons learned from being able to generate SBOMs and identify supply chain risk within firmware forced us to learn some really important lessons. These lessons translate to all other compiled code and make supporting these other artifacts significantly easier than if we did not have that experience. Come visit our booth and let us show you what the future of software supply chain security looks like. NetRise is the world’s first Supply Chain Detection & Response company oriented towards the end users of software and providing visibility into that software in a way currently not present in the market. The days of shifting left have not addressed the problems that continue to persist in this industry; the market needs a new approach, a shift RIGHT approach. Come by booth #3019 to learn more and remember, we will also have a big presence at DEF CON, so we aren’t done once BlackHat ends. https://lnkd.in/gJ-cgXWA
NetRise Extends its Unprecedented Software Visibility and Analysis to Containers and Windows Assets
netrise.io
-
Shadow IT makes up more than one-third of your software stack. While it is a source of overspending, inefficiency, and security risks, the biggest problem is that you don’t even know what apps you’re dealing with. 😬 In our latest episode of #SaaSMeAnything, Ben Pippenger explains how enterprises can get a handle on shadow IT and keep it from creeping back into their software environment. Say goodbye to shadow IT: https://lnkd.in/g235bk4d
-
In today’s modern world we all know software updates are an inevitable part of the digital age. We talk about promised bug fixes, new features, and improved performance. Yet the reality is often far less rosy. From minor glitches to catastrophic failures, software updates can turn into nightmares for users and developers alike. With on-site support and many other services, these updates can be managed with very little inconvenience. https://lnkd.in/gtuHeQYF
When a Software Update Goes Wrong: The Unintended Consequences
https://www.entremt.com
-
People have different ways to spend their vacation time, and some of mine went into the theme of *summer of compliance*. We started with open-source license compliance, which we have a routine for in the application (code) layer, but had uncertainties around tooling on the OS and middleware layers, especially with the use of Docker images. Picked up principles on how each layer is treated differently, but then got to building that SBOM - software bill of materials - on things that we use and add to. You would start understanding the tools by trying out the tools, and we tried five in total. Two were security compliance tools, and while they generate component listings, it would appear they only did so for vulnerable components, leading to low detection of components. Three were SBOM tools. While total detections of components and versions vary, the detection of licenses varies even more. Looks like our summer of compliance moves into multi-scanner mode over making choices. Which is good, because this is definitely still also a moving landscape.
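A small reconciliation script for the multi-scanner approach described in the post above, added here as an example and not part of the original post or of any of the tools it tried: it takes two scanners' component listings (constructed sample data in a simplified CycloneDX-like shape; names, versions and license ids are made up) and flags components that only one tool found or whose reported licenses disagree, which is exactly where the post says the tools diverged.

```python
import json

# Constructed sample scanner outputs in a simplified CycloneDX-like shape
# (component names, versions and license ids are made up for this example).
SCANNER_A = json.dumps({"components": [
    {"name": "openssl", "version": "3.0.2", "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"name": "zlib", "version": "1.2.13", "licenses": []},
    {"name": "libxml2", "version": "2.9.14", "licenses": [{"license": {"id": "MIT"}}]},
]})
SCANNER_B = json.dumps({"components": [
    {"name": "openssl", "version": "3.0.2", "licenses": [{"license": {"id": "OpenSSL"}}]},
    {"name": "zlib", "version": "1.2.13", "licenses": [{"license": {"id": "Zlib"}}]},
    {"name": "curl", "version": "7.81.0", "licenses": [{"license": {"id": "curl"}}]},
]})

def load_components(sbom_json):
    """Map (name, version) -> set of license ids for one scanner's SBOM."""
    out = {}
    for comp in json.loads(sbom_json).get("components", []):
        ids = {e["license"]["id"] for e in comp.get("licenses", []) if "id" in e.get("license", {})}
        out[(comp["name"], comp.get("version", ""))] = ids
    return out

def merge_sboms(per_scanner):
    """per_scanner: {scanner_name: load_components(...)}. Records which scanners saw
    each component and the licenses each reported; 'conflict' marks disagreement."""
    merged = {}
    for scanner, comps in per_scanner.items():
        for key, lics in comps.items():
            rec = merged.setdefault(key, {"seen_by": [], "licenses": {}, "conflict": False})
            rec["seen_by"].append(scanner)
            rec["licenses"][scanner] = sorted(lics)
    for rec in merged.values():
        # An empty license set is "no opinion", not a disagreement.
        distinct = {tuple(v) for v in rec["licenses"].values() if v}
        rec["conflict"] = len(distinct) > 1
    return merged

def needs_review(merged, n_scanners):
    """Components missed by at least one scanner, or with disagreeing licenses."""
    rows = []
    for (name, ver), rec in sorted(merged.items()):
        if len(rec["seen_by"]) < n_scanners or rec["conflict"]:
            rows.append((name, ver, sorted(rec["seen_by"]), rec["conflict"]))
    return rows

if __name__ == "__main__":
    results = {"A": load_components(SCANNER_A), "B": load_components(SCANNER_B)}
    for row in needs_review(merge_sboms(results), len(results)):
        print(row)
```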
-
Need a clear look at how your software is doing? I can help with a detailed audit. I’ll check your code for best practices, security, and performance, then give you simple insights and tips. Want to get started? Send me a message and let's set up your Software Audit! 💻 #SoftwareAudit #CodeReview #TechInsights #AuditService #SoftwareCheck
-
Use the OpenSSF (https://openssf.org/) Scorecard to assess 19 different vectors with heuristics (“checks”) associated with important software security aspects and assign each check a score of 0-10. You can then use these scores to understand specific areas of your software development projects to improve in order to strengthen their security postures.
-
💡 "Don’t Install Security Cameras Before You Know the Layout of the House" If you're thinking about how to build a modern application security program that scales ... and accounts for all the added complexities we're seeing (think #GenAI, #secrets, #compliance) ... this guide is a great resource! Check it out. Congrats to Legit field CTO, Joe N. and Suzanne Ciccone for delivering such a great piece of content. #ASPM #SSCS #AppSec #cybersecurity
⛓️ Software supply chain extends beyond third-party and open-source software.
🔨 There are many opportunities for misconfiguration, such as of build servers.
🗒️ Complying with software security regulations is cumbersome and taxing.
🔎 Visibility into all links in the software factory is a significant challenge.
📝 There are too many AppSec testing results, without enough context.
👀 Siloed teams are preventing a holistic view of product security.
🤐 Secrets remaining exposed is a real and growing problem.
📈 There are too many dashboards, and too much noise.
🕗 It’s time-consuming to correlate all these results.
💻 Scanning source code alone is not enough.
🆕 It’s clearly time for a new approach.
We are pleased to announce the publication of “A New Approach to Application Security: Stop Collecting Tools, Start Building a Foundation.” Scroll through below, download a copy here: https://lnkd.in/dxSV2jsx or stop by Booth S232 at RSA to get an easy-to-carry booklet-size version. #ASPM #LegitSecurity #softwaresupplychainsecurity #applicationsecurity
-
Security is never optional.
- We can say “we’ll polish the user experience once we validate demand”.
- We can say “we’ll improve performance once we 10x our userbase”.
- We can even say “we’ll hold off on certain features until we ship the first version”.
But we can never, ever, consider security best practices as optional. We can never, ever, put our trusting customers and their data at risk. Security is never optional for any serious software company. #softwareengineering
-
New "Security" post on TechCrunch: Socket lands a fresh $40M to scan software for security flaws The software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent survey, 88% of companies believe poor software supply chain security presents an “enterprise-wide risk” to their organizations. Open source supply chain components are especially fraught, thanks to the logistical hurdles in keeping each component well-maintained. […] © 2024 TechCrunch. All rights reserved. For personal use only. https://tcrn.ch/48j3t4t