Recently NIST published a full overview on C-SCRM (Cyber Supply Chain Risk Management) that helps organisations understand the different roles and responsibilities of employees to help protect the supply chain.
What role is Checkmarx playing in helping to keep organisations secure?
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers while giving CISOs the confidence and control they need.
Shabir Bhat, Regional Sales Director, Middle East, Checkmarx
As a leader in AppSec testing, we provide the industry’s most comprehensive solutions, giving development and security teams unparalleled accuracy, coverage, visibility and guidance to reduce risk across all components of modern software – including proprietary code, open source, APIs, software supply chain and infrastructure-as-code.
vulnerabilities, prioritising vulnerabilities and providing information about mitigating them.
This is all part of Software Composition Analysis. Organisations are now demanding that SCA go further to include hunting for malicious packages in OSS dependencies.
What tools and technologies do organisations need to be able to take a proactive approach to defense?
Checkmarx offers three great open source products (Chain Alert, DustiLock and ChainJacking) that help developers safeguard their environments against a number of supply chain attacks. This technology is available in Checkmarx SCA and constantly runs in the background, helping enterprises build a process for vetting open source packages for not only known vulnerabilities, but for malicious packages too.
What advice would you offer organisations keen to develop a long-term strategy for protecting against these threats?
Organisations should pay close attention to the latest advancements in supply chain security. The SLSA Framework is a great place to educate organisations on supply chain best practices, and
More than 1,600 customers, including nearly half of the Fortune 50, trust our security technology, expert research and global services to securely optimise development at speed and scale.
Checkmarx lets modern development practitioners incorporate open-source packages into their development process with zero friction while staying protected against modern supply chain attacks such as embedded backdoors and trojans. We include this in our Checkmarx Software Composition Analysis and Checkmarx Supply Chain Security (SCS) solutions.
The use of third-party software components is part of the modern software development culture, with over 90% of engineering teams worldwide building and shipping software that uses external code, by far most of it open source code. Checkmarx facilitates extreme agility and allows developers to focus on their own code, which differentiates their applications; it also increases the attack surface of organisations.
Unlike traditional approaches, which are reactive since they wait for the attack to be exposed before taking action to secure your company, Checkmarx takes a proactive approach and actively scans the packages to avoid the risk and understand where your teams should focus remediation efforts.
Checkmarx Software Supply Chain Security provides a first-of-its-kind solution for ahead-of-time detection of software supply chain attacks.
www.intelligentcio.com INTELLIGENTCIO MIDDLE EAST 77