Mastodawn

bot 1d ago

RubyGems와 Bundler에 패키지 쿨다운 기능을 도입해야 할까요?

공급망 공격 방지를 위해 패키지 출시 후 일정 기간 설치를 제한하는 '쿨다운' 기능을 RubyGems와 Bundler에 선택적 도입하는 방안이 논의되고 있습니다.

🔗 원문 보기

RubyGems와 Bundler에 패키지 쿨다운 기능을 도입해야 할까요?

공급망 공격 방지를 위해 패키지 출시 후 일정 기간 설치를 제한하는 '쿨다운' 기능을 RubyGems와 Bundler에 선택적 도입하는 방안이 논의되고 있습니다.

Ruby-News | 루비 AI 뉴스

RedPacket Security 3d ago

Supply Chain Security: Protecting Your Software and Services End-to-End - https://www.redpacketsecurity.com/supply-chain-security-protecting-your-software-and-services-end-to-end/

#Supply_chain_security #CyberSecurity #OSINT #Cyber

Supply Chain Security: Protecting Your Software and Services End-to-End - RedPacket Security

Supply chain security is the practice of reducing risk introduced through vendors, partners, contractors, and third-party software dependencies. It matters

RedPacket Security

Habr Mar 3

Supply Chain Security на примере кофемашины: почему ваш код горчит

Привет, Хабр! Меня зовут Максим Князев, старший системный инженер К2 Кибербезопасность . Сегодня я хочу поговорить об атаках на цепочки поставок на примере того, что все хорошо понимают и любят. Просто представьте, как вы заказываете эспрессо в проверенной кофейне. Зерна от известного обжарщика, бариста с опытом, кофемашина за миллион. И казалось бы, все идеально. Но потом выясняется, что кто-то подсыпал в зерна что-то лишнее еще на плантации. Вы не виноваты, кофейня не виновата, но пить это вы уже не хотите. В разработке происходит ровно то же самое, только в роли зерен здесь выступают npm-пакеты. Плантация превращается в GitHub, а подозрительные примеси представляют собой вредоносный код в легитимном релизе. И вы узнаете о проблемах не по вкусу, а по инциденту в проде. Давайте продолжим это сравнение под катом и разберемся, как не испортить компоненты, из которых складывается современная кибербезопасность.

https://habr.com/ru/companies/k2tech/articles/1004536/

#supply_chain_security #безопасность_цепочки_поставок #sbom #devsecops #open_source #npm #кибербезопасность #уязвимости #slsa #разработка_по

Supply Chain Security на примере кофемашины: почему ваш код горчит

Хабр

RedPacket Security Jan 5

Supply chain security: protecting value in a connected ecosystem - https://www.redpacketsecurity.com/supply-chain-security-protecting-value-in-a-connected-ecosystem/

#Supply_chain_security #CyberSecurity #OSINT #Cyber

Supply chain security: protecting value in a connected ecosystem - RedPacket Security

Supply chain security refers to the protection of information, systems and processes that extend beyond a single organisation, including third‑party

RedPacket Security

RedPacket Security Dec 19

Supply chain security: safeguarding your organisation from third‑party risks - https://www.redpacketsecurity.com/supply-chain-security-safeguarding-your-organisation-from-thirdparty-risks/

#Supply_chain_security #CyberSecurity #OSINT #Cyber

Supply chain security: safeguarding your organisation from third‑party risks - RedPacket Security

Supply chain security focuses on protecting an organisation from risks introduced by the external vendors, services, and software it relies on. As operations

RedPacket Security

RedPacket Security Sep 22

<h1 class='wp-block-heading'>Fortifying the Supply Chain through Practical Security for Modern Organizations</h1>
 - https://www.redpacketsecurity.com/wp-heading-h-class-wp-block-heading-fortifying-the-supply-chain-through-practical-security-for-modern-organizations-h-wp-heading/

#Supply_chain_security #CyberSecurity #OSINT #Cyber

Fortifying the Supply Chain through Practical Security for Modern Organizations - RedPacket Security

Supply chain security is no longer a back‑office concern; it's a frontline defense that touches every product and service. When a vendor, supplier, or

RedPacket Security

RedPacket Security Aug 29, 2025

Secure by Design A Practical Guide to Supply Chain Security for Modern Businesses - https://www.redpacketsecurity.com/secure-by-design-a-practical-guide-to-supply-chain-security-for-modern-businesses/

#Supply_chain_security #CyberSecurity #OSINT #Cyber

Secure by Design A Practical Guide to Supply Chain Security for Modern Businesses - RedPacket Security

Supply chain security is no longer a back office concern. In a connected world, software dependencies, hardware components, and external partners shape every

RedPacket Security

RedPacket Security Mar 12, 2025

Guarding the Circuits: Ensuring Robust Supply Chain Security - https://www.redpacketsecurity.com/guarding-the-circuits-ensuring-robust-supply-chain-security/

#Supply_chain_security #CyberSecurity #OSINT #Cyber

Guarding the Circuits: Ensuring Robust Supply Chain Security - RedPacket Security

In an era dominated by digital interconnectedness, supply chain security has emerged as a critical concern for organizations worldwide. It's not just about

RedPacket Security

RedPacket Security Feb 12, 2025

Fortifying the Backbone of Business: A Deep Dive into Supply Chain Security - https://www.redpacketsecurity.com/fortifying-the-backbone-of-business-a-deep-dive-into-supply-chain-security/

#Supply_chain_security #CyberSecurity #OSINT #Cyber

Fortifying the Backbone of Business: A Deep Dive into Supply Chain Security - RedPacket Security

In today's interconnected global economy, supply chain security is increasingly vital for organizations of all sizes. Cyber threats targeting supply chains

RedPacket Security

RedPacket Security Nov 13, 2024

Securing the Invisible Ties: The Importance of Supply Chain Security - https://www.redpacketsecurity.com/securing-the-invisible-ties-the-importance-of-supply-chain-security/

#Supply_chain_security #CyberSecurity #OSINT #Cyber

Securing the Invisible Ties: The Importance of Supply Chain Security - RedPacket Security

In today's interconnected world, supply chains have become increasingly complex and digital, making them prime targets for cyber attacks. From manufacturing

RedPacket Security