{"id":2431,"date":"2025-03-21T01:16:40","date_gmt":"2025-03-21T01:16:40","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2431"},"modified":"2025-03-21T01:16:40","modified_gmt":"2025-03-21T01:16:40","slug":"developers-apply-these-10-mitigations-first-to-prevent-supply-chain-attacks","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2431","title":{"rendered":"Developers: apply these 10 mitigations first to prevent supply chain attacks"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>DevOps leaders hoping to find a single cybersecurity risk framework that will prevent their work from experiencing the kinds of compromises that lead to supply chain attacks will have a hard time, according to a new research paper.<\/p>\n<p><a href=\"https:\/\/arxiv.org\/pdf\/2503.12192\">In a paper submitted to Cornell University\u2019s arXiv site<\/a> for academic manuscripts, the six researchers \u2014 four from North Carolina State University, one from Yahoo and one between positions \u2014 said they could rank the top tasks that application development teams should perform to blunt possible compromises in their work that might lead to their applications being used to attack users.<\/p>\n<p>They did it by mapping the 114 reported techniques used in compromising three vital apps, SolarWinds Orion, Log4j and XZ Utils, against the 73 recommended tasks listed in 10 software security frameworks, including the US NIST Secure Software Development Framework.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>DevOps leaders hoping to find a single cybersecurity risk framework that will prevent their work from experiencing the kinds of compromises that lead to supply chain attacks will have a hard time, according to a new research 
paper. In a paper submitted to Cornell University\u2019s arXiv site for academic manuscripts, the six researchers \u2014 four [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2432,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2431","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2431"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2431"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2431\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2432"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2431"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2431"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2431"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}