X

我们使用cookie,以确保适合你的经验

我们用饼干和其他跟踪技术来提高你的浏览体验在我们的网站上,显示个性化内容和有针对性的广告,分析网站流量,并理解我们的观众来自哪里。你也可以阅读我们的隐私政策,我们使用cookie来确保你在我们的网站上的最好的体验。

选择我接受,或继续在网站上,你同意我们使用饼干条款和条件

得到应用
By Jordan Robertson
<\/strong>
Cyberattacks<\/a> on the digital<\/a> supply chain<\/a> have become increasingly common, as hackers seek out weak links among makers of computer code and equipment to breach organizations that depend on the technologies.

In 2020, for example, hackers suspected of working for Russia’s intelligence services used tampered updates from software maker SolarWinds Corp. to infiltrate nine US government agencies. Last year, hundreds of businesses were compromised with ransomware after the breach of another software provider, Kaseya Ltd. And several months later, the discovery of a flaw in open-source software called Log4j was followed by attacks by hackers in China, Iran and North Korea.

Now, in response, a growing number of startups are emerging to tackle one of the industry’s hardest problems.

Global sales of technologies to secure the software development cycle were $3.7 billion last year and expected to more than double, to $9.2 billion, in 2026, said Katie Norton, a senior research analyst with IDC Corp. Palo Alto Networks Inc<\/a>. and Tenable Holdings Inc<\/a>. were among cybersecurity companies that made acquisitions in the space last year, and Microsoft Corp<\/a>. and Alphabet Inc<\/a>.’s Google<\/a> have released tools to help prevent attacks against software development pipelines, she said.

“There are a lot of solutions and tools emerging,” Norton said. “The combination of nascency with urgency is just really overwhelming.”

Feross Aboukhadijeh, a prolific open-source developer, said he realized early in his career how fragile the foundations of modern software were. “It was mind-blowing to me that all these organizations were using my code-–the code of a random 20-something,” he said.

Those concerns were reinforced in 2018 after open-source code maintained by a friend was hacked. Later, Aboukhadijeh created an encrypted file-sharing program that contained more than 90% open-source code, and he realized he had no reliable way to search for vulnerabilities.

“How could we know for sure that our app was secure if we weren’t even reading any of the code?” he said. “No one had a scalable solution to the problem.”

In 2020, he started San Francisco-based Socket Inc., which examines open-source software packages and flags potential dangers.

Kirkland, Washington-based Chainguard Inc., whose founders come from VMware Inc. and Google, is another company trying to bring more accountability to open-source software. Its technology creates a chain of custody, assessing the origin and trustworthiness of the code.

“People just don’t even know what they’re running and what they’re depending on in their systems,” said Kim Lewandowski, one of the founders.

An executive order that US President Joe Biden issued last year on cybersecurity was a major catalyst for the industry, including a mandate that companies selling to federal agencies provide a “software bill of materials” — the ingredients in their code, computer security experts said.

Supply-chain attacks are growing in part because operating systems and web browsers -- hackers’ usual targets -- are now harder to hack, said Window Snyder, who’s held senior roles at Microsoft, Apple Inc. and Intel Corp. At the same time, a range of connected devices, including baby monitors and smart doorbells, are proliferating with code that often suffers from basic vulnerabilities, which creates openings into personal and corporate networks, she said.

“We see a real dearth of security protections,” said Snyder, who in 2020 founded San Francisco-based Thistle Technologies Ltd., whose tools help device makers write and update their code securely.

Technology has become so complex that many organizations don’t know all the software they’re using, let alone whether it’s secure, said Renaud Feil, founder of Paris-based Synacktiv, a company that’s hired to hack into products to help fix vulnerabilities.

“In some code we’ve reviewed, the company is just writing 1% of the code base,” he said. “The rest is third-party software, framework, libraries.”

Firmware -- code that controls a computer’s hardware -- is another area where more attacks are being found. Earlier this year, an Iranian firm called Amnpardaz Soft Corp. and Moscow-based Kaspersky separately published details of new firmware implants they discovered.

Two companies developing tools to detect firmware vulnerabilities include Portland-based Eclypsium Inc. and Pasadena, California-based Binarly Inc. Cycuity, in San Jose, California, has created methods to inspect chip designs to spot security problems.

But technology alone can only go so far in preventing attacks, said Justin Cappos, associate professor of computer science and engineering at New York University. Organizations need to “holistically examine” how their technologies are built, starting with software, he said.

“If you can ensure the right processes are being followed,” he said, “you can nip a lot of these problems in the bud.”

<\/body>","next_sibling":[{"msid":94999433,"title":"Homegrown handset maker Lava in advanced talks with Chinese ODM Huaqin to form JV","entity_type":"ARTICLE","link":"\/news\/homegrown-handset-maker-lava-in-advanced-talks-with-chinese-odm-huaqin-to-form-jv\/94999433","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[{"msid":"94977752","title":"iStock-516607038","entity_type":"IMAGES","seopath":"small-biz\/trade\/exports\/insights\/hackers-targeting-tech-supply-chains-spur-security-startup-boom\/istock-516607038","category_name":"Hackers targeting tech supply chains spur security startup boom","synopsis":"Supply-chain attacks are growing in part because operating systems and web browsers -- hackers\u2019 usual targets -- are now harder to hack.","thumb":"https:\/\/etimg.etb2bimg.com\/thumb\/img-size-156302\/94977752.cms?width=150&height=112","link":"\/image\/small-biz\/trade\/exports\/insights\/hackers-targeting-tech-supply-chains-spur-security-startup-boom\/istock-516607038\/94977752"}],"msid":94999448,"entity_type":"ARTICLE","title":"Hackers targeting tech supply chains spur security startup boom","synopsis":"\u200bIn 2020, for example, hackers suspected of working for Russia\u2019s intelligence services used tampered updates from software maker SolarWinds Corp. to infiltrate nine US government agencies. ","titleseo":"telecomnews\/hackers-targeting-tech-supply-chains-spur-security-startup-boom","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":177,"shares":0,"engagementtimems":753000},"Alttitle":{"minfo":""},"artag":"Bloomberg","artdate":"2022-10-21 07:54:24","lastupd":"2022-10-21 07:55:06","breadcrumbTags":["cyberattacks","google","supply chain","tech supply chains","microsoft corp","alphabet inc","digital","palo alto networks inc","tenable holdings inc","Internet"],"secinfo":{"seolocation":"telecomnews\/hackers-targeting-tech-supply-chains-spur-security-startup-boom"}}" data-authors="[" "]" data-category-name="" data-category_id="" data-date="2022-10-21" data-index="article_1">

黑客攻击技术供应链促进安全创业热潮

2020年,例如,黑客涉嫌为俄罗斯情报服务工作使用干扰更新软件制造商SolarWinds corp .)渗透到九个美国政府机构。

  • 更新2022年10月21日07:55点坚持
阅读: 100年行业专业人士
读者的形象读到100年行业专业人士
约旦罗伯逊
网络攻击数字 供应链已经变得越来越普遍,因为黑客寻找薄弱环节的计算机代码和设备制造商之间违反组织依赖于技术。

2020年,例如,黑客涉嫌为俄罗斯情报服务工作使用干扰更新软件制造商SolarWinds corp .)渗透到九个美国政府机构。去年,数百名企业被破坏后与ransomware违反另一个软件提供商,Kaseya有限公司,几个月后,发现一个缺陷在开源软件叫做Log4j随后被黑客攻击在中国,伊朗和朝鲜。

广告
现在,作为回应,越来越多的创业公司正在解决该行业的最大问题之一。

全球销售的技术安全软件开发周期去年为37亿美元,预计将增加一倍以上,至92亿美元,在2026年,凯蒂·诺顿说,IDC公司高级研究分析师。帕洛阿尔托网络公司。和成立控股公司。在网络安全公司去年收购了空间,然后呢微软(msft . o:行情)。和字母公司谷歌已经发布了软件开发工具来帮助防止攻击管道,她说。

“有很多的解决方案和工具出现,”诺顿说。“起源与紧迫性的结合只是真的压倒性的。”

Feross Aboukhadijeh多产的开源开发者说,他意识到在他职业生涯的早期现代软件的基础是多么脆弱。“这是令人兴奋的对我来说,所有这些组织都是使用我的代码,代码的随机20多岁,”他说。

这些担忧是钢筋开源代码后,于2018年由一位朋友被砍。之后,Aboukhadijeh创建一个加密的文件共享程序,包含超过90%的开源代码,他意识到他没有可靠的方法去寻找漏洞。

广告
“我们怎么能确定,我们的应用程序是安全的,如果我们甚至不阅读的代码吗?”他说。“没有人有可伸缩的解决问题的办法。”

2020年,他开始旧金山插座Inc .检查开源软件包和旗帜潜在的危险。

柯克兰,华盛顿Chainguard Inc .的创始人来自VMware Inc .)和谷歌,是另一个开源软件公司试图将更多的责任。其技术导致了一连串的保管、评估代码的起源和可信度。

“人们甚至不知道他们正在运行,取决于在他们的系统中,”Lewandowski Kim说,创始人之一。

一项行政命令,美国总统拜登(Joe Biden)去年发布的网络安全是一个重大的催化剂行业,包括要求公司卖给联邦机构提供一个“软件材料清单”——成分在他们的代码中,计算机安全专家说。

供应链攻击是日益增长的部分原因是操作系统和浏览器——黑客通常的目标——现在难以破解,窗口Snyder说,谁持有高级角色在微软,苹果(Apple inc .)和英特尔(Intel corp .)与此同时,一系列的连接设备,包括婴儿监视器和智能门铃、增殖与经常遭受基本的漏洞的代码,创建空缺到个人和企业网络,她说。

“我们看到一个真正的缺乏安全保护,”斯奈德说,他在2020年创立了旧金山的蓟技术有限公司的工具帮助安全设备制造商编写和更新他们的代码。

技术已经变得如此复杂,许多组织都不知道他们正在使用的软件,更不用说是否安全,雷诺Feil说,巴黎Synacktiv创始人的公司雇来侵入产品来帮助修复漏洞。

“在一些代码,我们已经评估了,公司只是写代码库的1%,”他说。“剩下的都是第三方软件、框架、图书馆。”

固件代码控制计算机的硬件,是被发现的另一个领域有更多的袭击。今年早些时候,伊朗一家叫做Amnpardaz软corp .)和莫斯科卡巴斯基分别发布新固件植入他们发现的细节。

两家公司开发工具来检测固件漏洞包括波特兰Eclypsium Inc .)和帕萨迪纳市加州Binarly Inc . Cycuity,加州圣何塞市创造了方法检查芯片设计发现安全问题。

但技术本身对于防止攻击也只能到此为止,贾斯汀Cappos说纽约大学计算机科学与工程教授。组织需要他们的技术是如何建立“全面检查”,从软件开始,他说。

“如果你能确保正确的流程之后,”他说,“你可以把很多这些问题消灭在萌芽状态。”

  • 发布于2022年10月21日07:54点坚持
是第一个发表评论。
现在评论

评论

现在评论 阅读评论(1)

加入2 m +行业专业人士的社区

订阅我们的通讯最新见解与分析。乐动扑克

下载ETTelec乐动娱乐招聘om应用

  • 得到实时更新
  • 保存您最喜爱的文章
扫描下载应用程序
By Jordan Robertson
<\/strong>
Cyberattacks<\/a> on the digital<\/a> supply chain<\/a> have become increasingly common, as hackers seek out weak links among makers of computer code and equipment to breach organizations that depend on the technologies.

In 2020, for example, hackers suspected of working for Russia’s intelligence services used tampered updates from software maker SolarWinds Corp. to infiltrate nine US government agencies. Last year, hundreds of businesses were compromised with ransomware after the breach of another software provider, Kaseya Ltd. And several months later, the discovery of a flaw in open-source software called Log4j was followed by attacks by hackers in China, Iran and North Korea.

Now, in response, a growing number of startups are emerging to tackle one of the industry’s hardest problems.

Global sales of technologies to secure the software development cycle were $3.7 billion last year and expected to more than double, to $9.2 billion, in 2026, said Katie Norton, a senior research analyst with IDC Corp. Palo Alto Networks Inc<\/a>. and Tenable Holdings Inc<\/a>. were among cybersecurity companies that made acquisitions in the space last year, and Microsoft Corp<\/a>. and Alphabet Inc<\/a>.’s Google<\/a> have released tools to help prevent attacks against software development pipelines, she said.

“There are a lot of solutions and tools emerging,” Norton said. “The combination of nascency with urgency is just really overwhelming.”

Feross Aboukhadijeh, a prolific open-source developer, said he realized early in his career how fragile the foundations of modern software were. “It was mind-blowing to me that all these organizations were using my code-–the code of a random 20-something,” he said.

Those concerns were reinforced in 2018 after open-source code maintained by a friend was hacked. Later, Aboukhadijeh created an encrypted file-sharing program that contained more than 90% open-source code, and he realized he had no reliable way to search for vulnerabilities.

“How could we know for sure that our app was secure if we weren’t even reading any of the code?” he said. “No one had a scalable solution to the problem.”

In 2020, he started San Francisco-based Socket Inc., which examines open-source software packages and flags potential dangers.

Kirkland, Washington-based Chainguard Inc., whose founders come from VMware Inc. and Google, is another company trying to bring more accountability to open-source software. Its technology creates a chain of custody, assessing the origin and trustworthiness of the code.

“People just don’t even know what they’re running and what they’re depending on in their systems,” said Kim Lewandowski, one of the founders.

An executive order that US President Joe Biden issued last year on cybersecurity was a major catalyst for the industry, including a mandate that companies selling to federal agencies provide a “software bill of materials” — the ingredients in their code, computer security experts said.

Supply-chain attacks are growing in part because operating systems and web browsers -- hackers’ usual targets -- are now harder to hack, said Window Snyder, who’s held senior roles at Microsoft, Apple Inc. and Intel Corp. At the same time, a range of connected devices, including baby monitors and smart doorbells, are proliferating with code that often suffers from basic vulnerabilities, which creates openings into personal and corporate networks, she said.

“We see a real dearth of security protections,” said Snyder, who in 2020 founded San Francisco-based Thistle Technologies Ltd., whose tools help device makers write and update their code securely.

Technology has become so complex that many organizations don’t know all the software they’re using, let alone whether it’s secure, said Renaud Feil, founder of Paris-based Synacktiv, a company that’s hired to hack into products to help fix vulnerabilities.

“In some code we’ve reviewed, the company is just writing 1% of the code base,” he said. “The rest is third-party software, framework, libraries.”

Firmware -- code that controls a computer’s hardware -- is another area where more attacks are being found. Earlier this year, an Iranian firm called Amnpardaz Soft Corp. and Moscow-based Kaspersky separately published details of new firmware implants they discovered.

Two companies developing tools to detect firmware vulnerabilities include Portland-based Eclypsium Inc. and Pasadena, California-based Binarly Inc. Cycuity, in San Jose, California, has created methods to inspect chip designs to spot security problems.

But technology alone can only go so far in preventing attacks, said Justin Cappos, associate professor of computer science and engineering at New York University. Organizations need to “holistically examine” how their technologies are built, starting with software, he said.

“If you can ensure the right processes are being followed,” he said, “you can nip a lot of these problems in the bud.”

<\/body>","next_sibling":[{"msid":94999433,"title":"Homegrown handset maker Lava in advanced talks with Chinese ODM Huaqin to form JV","entity_type":"ARTICLE","link":"\/news\/homegrown-handset-maker-lava-in-advanced-talks-with-chinese-odm-huaqin-to-form-jv\/94999433","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[{"msid":"94977752","title":"iStock-516607038","entity_type":"IMAGES","seopath":"small-biz\/trade\/exports\/insights\/hackers-targeting-tech-supply-chains-spur-security-startup-boom\/istock-516607038","category_name":"Hackers targeting tech supply chains spur security startup boom","synopsis":"Supply-chain attacks are growing in part because operating systems and web browsers -- hackers\u2019 usual targets -- are now harder to hack.","thumb":"https:\/\/etimg.etb2bimg.com\/thumb\/img-size-156302\/94977752.cms?width=150&height=112","link":"\/image\/small-biz\/trade\/exports\/insights\/hackers-targeting-tech-supply-chains-spur-security-startup-boom\/istock-516607038\/94977752"}],"msid":94999448,"entity_type":"ARTICLE","title":"Hackers targeting tech supply chains spur security startup boom","synopsis":"\u200bIn 2020, for example, hackers suspected of working for Russia\u2019s intelligence services used tampered updates from software maker SolarWinds Corp. to infiltrate nine US government agencies. ","titleseo":"telecomnews\/hackers-targeting-tech-supply-chains-spur-security-startup-boom","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":177,"shares":0,"engagementtimems":753000},"Alttitle":{"minfo":""},"artag":"Bloomberg","artdate":"2022-10-21 07:54:24","lastupd":"2022-10-21 07:55:06","breadcrumbTags":["cyberattacks","google","supply chain","tech supply chains","microsoft corp","alphabet inc","digital","palo alto networks inc","tenable holdings inc","Internet"],"secinfo":{"seolocation":"telecomnews\/hackers-targeting-tech-supply-chains-spur-security-startup-boom"}}" data-news_link="//www.iser-br.com/news/hackers-targeting-tech-supply-chains-spur-security-startup-boom/94999448">