Trivy, KICS, LiteLLM: A Supply Chain Warning on Transitive Dependencies

07.04.2026

Dr. Andreas Kotulla

Software Composition Analysis

How a compromise in trusted security tooling rippled through Checkmarx KICS and LiteLLM, exposing the real risk of transitive dependencies. The past several days have been a serious reminder that supply chain attacks do not stop with the first compromised project. What started with a malicious Trivy release appears to have widened into a separate but similar attack involving Checkmarx


SaaS Is Not a Blanket Exemption: Remote Data Processing, SBOMs, and the CRA

11.03.2026

Dr. Andreas Kotulla

Software Composition Analysis

Software companies often rely on a familiar distinction: regulators regulate products, not services. They have viewed cloud delivery models, subscription-based offerings, and remote processing as business innovations, and also as ways to reduce regulatory exposure. The EU Cyber Resilience Act (CRA) challenges this assumption. Under the CRA, the key question is not whether a company markets


Cyber Resilience Act and Legacy Products

10.03.2026

Dr. Andreas Kotulla

Software Composition Analysis

One of the frequently asked questions surrounding the Cyber Resilience Act (CRA) concerns legacy products. Manufacturers ask whether they can sell older products in the EU after 11 December 2027 without updates. This blog explores the issue amid evolving CRA standards and upcoming compliance deadlines. CRA Scope and Market Placement The CRA applies to products placed on the market from


Open source is essential. Are you addressing the hidden compliance and security costs?

18.12.2020

Dr. Andreas Kotulla

Software Composition Analysis

The more ubiquitous open source software becomes, the greater its potential to bring hidden risk to organizations, both through the security vulnerabilities of open source dependencies and through improper licensing. Those risks are the subject of a new IDC report, “Addressing the Hidden Costs of Embedding Open Source Software.” The vulnerabilities presented by open source dependencies are real, but


“Patching”: Best practices in identifying the correct license

07.10.2020

Dr. Andreas Kotulla

Software Composition Analysis

Open Source is everywhere. Experienced developers do not write code from scratch; they know where to get code. Improving productivity, shortening time to market, and reducing development costs are all good reasons to use Open Source code. However, by using open source components, organizations ultimately take responsibility for code they did not write. One interesting aspect of Software Composition


What is Software Composition Analysis?

30.05.2020

Dr. Andreas Kotulla

Software Composition Analysis

Software providers, developers, companies, and enthusiasts are realizing the importance of Software Composition Analysis (SCA) in modern application development. Net, no one wants to be tomorrow’s headline. To understand the role of SCA, a broad perspective is important. SCA offers advantages and added value for organizations that want to develop secure and better products. This is the only
