
WhiteSource Announced the Acquisition of Diffend to Provide Software Supply Chain Security

FREMONT, CA: WhiteSource, the market leader in open source protection and management, has announced the acquisition of Diffend, an open-source malware security and threat detection solution. Under the new name WhiteSource Diffend, all of Diffend's latest commercial products will be made available for free. As a result of the acquisition, WhiteSource is now able to provide an innovative framework for mitigating tech supply chain risk.
Recent software supply chain attacks demonstrate that application security needs have gone beyond detection to include continuous prevention. "Scanning for malicious packages after they are installed is too late," stated Maciej Mensfeld, founder of Diffend. "Organizations must start blocking malicious packages before they are downloaded or installed. WhiteSource Diffend is designed for near-invisible, exception-based alerting on software supply chain security threats that don't interfere with developers' work." Mensfeld added, "In the past week alone, the Diffend platform has been responsible for detecting and reporting 60 suspicious packages to RubyGems, all of which have now been removed, benefiting all open source users." Maciej Mensfeld joins WhiteSource as Senior Product Manager for Software Supply Chain Security.
Attacks on the software supply chain undermine users' implicit confidence in current application architectures. They happen when malicious code is inserted into commercial or open-source software that the client uses directly or indirectly, or that is used as part of the build and publish process. A software supply chain attack has the potential to cause significant damage. The impact can range from affecting application traffic to exposing sensitive systems and data through abuse of access authorization. Some malicious attacks seek to remain undetected before production, while others, including viruses, attack immediately.
WhiteSource Diffend requires only one installation for the whole enterprise and prevents any malicious package from being installed or upgraded, protecting not only the development app but also the entire CI system. This ultimate shift-left tool offers maximum security by blocking a package before it even reaches a developer's computer, without taking up precious developer time, thanks to creative classification rules for suspicious components.