Intelligent CISO Issue 50 - Page 76

What advice would you offer organisations keen to develop a long-term strategy for protecting against these threats?
Organisations should pay close attention to the latest advancements in supply chain security. The SLSA Framework is a great place to educate organisations on supply chain best practices, and recently, NIST published a full overview on C-SCRM (Cyber Supply Chain Risk Management) that helps organisations understand the different roles and responsibilities of employees to help protect the supply chain.
What role is Checkmarx playing in helping to keep organisations secure?
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers while giving CISOs the confidence and control they need.
As a leader in AppSec testing, we provide the industry’s most comprehensive solutions, giving development and security teams unparalleled accuracy, coverage, visibility and guidance to reduce risk across all components of modern software – including proprietary code, open source, APIs, software supply chain and Infrastructure-as-Code.
More than 1,600 customers, including nearly half of the Fortune 50, trust our security technology, expert research and global services to securely optimise development at speed and scale.
Checkmarx lets modern development practitioners incorporate open source packages into their development process with zero friction while staying protected against modern supply chain attacks such as embedded backdoors and trojans. We include this in our Checkmarx Software Composition Analysis, Checkmarx Supply Chain Security (SCS) solutions.
The use of third-party software components is part of the modern software development culture, with over 90% of engineering teams worldwide building and shipping software that uses external code, by far most of it open source code. Checkmarx facilitates extreme agility and allows developers to focus on their own code, which differentiates their applications; it also increases the attack surface of organisations.
Unlike traditional approaches which are reactive since they wait for the attack to be exposed before taking action to secure your company, Checkmarx takes a proactive approach and actively scans the packages to avoid the risk and understand where your teams should focus remediation efforts.
Checkmarx Software Supply Chain Security provides a first-of-its-kind solution for ahead of time detection of software supply chain attacks.