August 2024 OX Security Newsletter: RBAC, Transitive Vulnerabilities, and the Latest AppSec Insights!

Welcome to the August 2024 edition of the OX Security newsletter, your source for AppSec insights, news & events. This month, we highlight feature updates, noteworthy content, upcoming events, and more!

What’s New in the Product

  1. RBAC: Tired of being the go-between for colleagues who need to understand the state of your application landscape? Well, good news! OX now offers expanded role assignments with data scopes. Easily onboard new OX users and give them the data they need to move quicker and make better AppSec decisions. Read more here.

  2. Connect your EKS clusters to OX Security so we can map your organization's security vulnerabilities from code to cloud. This is available in-platform now. With EKS connected, OX is better able to determine vulnerability reachability and build an enhanced map (i.e., Attack Path) of your environment.

  3. Artifact Integrity: OX is improving how you identify and assess the software your devs are building in the cloud. Our enhanced artifact integrity capabilities verify that artifacts in your registry and in the cloud are from trusted sources and haven’t been tampered with. Want to get in on the beta? Let us know!

  4. As always, check out some of our latest integrations! In particular, the new MS Defender for Cloud connector provides enhanced end-to-end visibility and traceability. Use the Defender for Cloud connector to map your cloud security scans into a centralized software pipeline integrity view.

Featured Research

OX researchers Eyal Paz and Liad Cohen presented "Will We Survive The Transitive Vulnerability Locusts" at Black Hat USA 2024. Read the summary report to learn how to quantify and manage the often-overlooked risks associated with transitive dependencies in software.

We are excited to share OX Security’s latest findings in the first annual OSC&R report, "OSC&R in the Wild: A New Look at the Most Common Software Supply Chain Exposures." Based on detailed analysis of over 100 million security alerts, this report provides critical insights into the state of software supply chain security. Our researchers, in collaboration with the OSC&R community, uncovered some startling statistics, including that 95% of organizations have at least one severe security risk within their software supply chain.

Download the full report for free here.

In the News

Dark Reading — News Desk 2024: Eyal Paz and Liad Cohen on Transitive Vulnerabilities 

OX’s own Eyal Paz, VP of Research, and Liad Cohen, Data Scientist, are featured in Dark Reading’s News Desk, live from Las Vegas.

CyberRisk TV — AppSec Evolution: Navigating the Path to Maturity - Boaz Barzel

Boaz Barzel, OX’s Director of Enablement, talks with Cyber Risk Alliance’s Mandy Logan about how to increase your AppSec maturity with the OSC&R framework.

DevOps.com — Report: High Risks to Software Supply Chains are Commonplace

An overview of OX’s OSC&R report was picked up by none other than DevOps.com. Check out the highlighted coverage.

Fast Company — The CrowdStrike outage should make us rethink the resiliency of our tech infrastructure. It probably won’t

Neatsun Ziv, OX’s CEO and Co-founder, was included in Fast Company’s assessment of the industry-rocking CrowdStrike incident in July.

Events

  1. OX Webinar: OSC&R in the Wild: A New Look at the Most Common Software Supply Chain Exposures. August 28, 2024 11am ET. Register now!

  2. JFrog swampUP, Sept. 9-11, 2024 Austin, TX 

  3. OWASP Global AppSec, Sept. 23-27, 2024 San Francisco

  4. Black Hat Europe, Dec. 11-12, 2024 London, England

Content You May Have Missed

  1. Five Gartner Reports. Four Categories. What Does OX Security Do Anyway?

  2. Empowering the Shift: From Integration to Innovation in Application Security 

  3. How ASPM Solutions Help Organizations Prepare for the EU’s DORA

Getting Started is Easy

OX Security's Active ASPM platform empowers organizations to eliminate manual AppSec and confidently enable scalable and secure software development.