A security expert is responsible for ensuring the security of an organization's information systems and data. They conduct security assessments, identify vulnerabilities, and implement security controls to protect the company's data and systems.
This article covers the growing issue of software supply chain security: what it is, the difference between vulnerabilities and attacks, current best practices, the institutional landscape, and emerging legislation.
For a financial services firm, the importance of hosting an artifact repository manager such as JFrog Artifactory or Sonatype's Nexus inside the firm's firewall cannot be overstated.
CVEs (Common Vulnerabilities and Exposures) are standardized identifiers for publicly known cybersecurity vulnerabilities which can be leveraged in exploits. The MITRE Corporation manages the CVE program, which receives funding from the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA).
OpenChain ISO/IEC 18974:2023 defines the key requirements of a quality open source security assurance program.
Article covering source and artifact repositories.
Shane Coughlan (OpenChain, Linux Foundation) to FINOS Members Meeting on May 1st 2024.