News
An SBOM Proves What You Installed. It Can't Prove You Should Have.
7+ hour, 29+ min ago (391+ words) A pre-install supply-chain gate returns ALLOW or DENY for each package your AI agent proposes, before… Tagged with ai, security, python, agents.
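The gate that item describes, as an added illustration written for this page (it is not the article's code and not any published tool): each requirement string the agent proposes is reduced to a single ALLOW or DENY, with a reason, before the installer runs. The approved table, the placeholder digests, the helper names and the sample proposals are all constructed assumptions; the rules themselves (registry-only sources, an approved list, near-miss name detection, exact version pin, and a hash for the installer to enforce) are the ones a practitioner would expect such a gate to apply.

```python
"""Pre-install supply-chain gate.

Every package an agent proposes is reduced to ALLOW or DENY *before* the
installer runs.  Hypothetical example code: the policy table, the helper
names and the sample proposals below are constructed for illustration and
are not taken from any published tool.
"""
from dataclasses import dataclass
import re

# Constructed policy table: the packages the project has decided it should
# have, each pinned to one version and one artifact digest.  The digests are
# placeholders, not real PyPI hashes.
APPROVED = {
    "requests": ("2.32.3", "sha256:" + "a1" * 32),
    "pyyaml":   ("6.0.2",  "sha256:" + "b2" * 32),
    "numpy":    ("1.26.4", "sha256:" + "c3" * 32),
}

# name, optional operator, optional version
_SPEC = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*([0-9][A-Za-z0-9.*+!-]*)?\s*$"
)


@dataclass(frozen=True)
class Decision:
    verdict: str          # "ALLOW" or "DENY"
    reason: str
    name: str = ""
    version: str = ""
    digest: str = ""


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive; '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss names (typosquats)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def decide(proposal: str) -> Decision:
    """Map one proposed requirement string to ALLOW/DENY with a reason."""
    p = proposal.strip()
    # Direct URLs, VCS refs, local paths, 'name @ url' forms and per-line
    # index overrides all bypass the approved-artifact check, so they are
    # refused before any parsing is attempted.
    if re.search(r"(^|\s)(git\+|https?://|file:|\./|/)|--(extra-)?index-url|@", p):
        return Decision("DENY", "non-registry source or index override")
    m = _SPEC.match(p)
    if not m:
        return Decision("DENY", "unparseable requirement")
    raw, op, ver = m.group(1), m.group(2), m.group(3)
    name = normalize(raw)
    if name not in APPROVED:
        # One edit away from, or an anagram of, an approved name is the
        # classic typosquat shape; report it separately so a human looks.
        for good in APPROVED:
            if edit_distance(name, good) <= 1 or sorted(name) == sorted(good):
                return Decision("DENY", f"possible typosquat of {good}", name)
        return Decision("DENY", "not on the approved list", name)
    want_ver, digest = APPROVED[name]
    if op != "==" or ver is None:
        return Decision("DENY", "version not pinned with ==", name)
    if ver != want_ver:
        return Decision("DENY", f"version {ver} differs from approved {want_ver}", name, ver)
    return Decision("ALLOW", "pinned to approved version and digest", name, ver, digest)


def gate(proposals):
    """Run the gate over everything the agent wants; return (proposal, decision) pairs."""
    return [(p, decide(p)) for p in proposals]


def requirements_for(decisions):
    """Hash-pinned lines for the ALLOWed set, for `pip install --require-hashes -r`,
    so what actually gets installed is exactly the approved artifact."""
    return [f"{d.name}=={d.version} --hash={d.digest}"
            for _, d in decisions if d.verdict == "ALLOW"]


if __name__ == "__main__":
    # Constructed proposals, in the shapes an agent tends to emit them.
    sample = ["requests==2.32.3", "reqeusts==2.32.3", "PyYAML==6.0.2", "pyyaml>=6",
              "numpy==1.26.3", "left-pad", "git+https://example.invalid/x.git"]
    for p, d in gate(sample):
        print(f"{d.verdict:5} {p!r}: {d.reason}")
    print("\n".join(requirements_for(gate(sample))))
```

The ALLOW path deliberately returns the digest rather than just a yes: the gate's verdict is only worth anything if the installer is then forced (here via `--require-hashes`) to fetch exactly that artifact, which is the "you should have" half that an after-the-fact SBOM cannot supply.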
Deloitte Joins IBM, Red Hat To Accelerate Open-Source Supply Chain Security
3+ day, 5+ hour ago (153+ words) Deloitte partners with IBM and Red Hat on Lightwell to protect enterprises from AI-driven zero-day exploits by injecting automated, backported patches directly into production code. On June 26, 2026, Deloitte joined IBM and Red Hat as an integration collaborator for Lightwell, a…
OWASP LLM05 Supply Chain Vulnerabilities: Mapping the Surface a Gateway Can Cover
4+ day, 7+ hour ago (1071+ words) The defenses split across the supply chain itself, the runtime, and the network boundary. The boundary slice is where a policy gateway operates. The gateway is not the AIBOM. The gateway is not the patch manager. The gateway is the…
0deps Movement: Local Dependencies, Immutable Contracts, and Security by Design
4+ day, 9+ hour ago (511+ words) For years, the software industry has embraced a culture of installing dozens, or even hundreds, of external libraries into nearly every project. Modern frameworks often rely on thousands of transitive dependencies, meaning a single application may ultimately depend on code maintained by…
Securing Your Software Supply Chain
6+ day, 1+ hour ago (253+ words) Those themes are at the center of "Securing Your Software Supply Chain," a Threat Intelligence & Human Risk session scheduled for Tuesday, August 4, 2026, from 1:15 p.m. to 2:30 p.m. at Tech Mentor & Cyber Security Live! @ Microsoft HQ in Redmond, Wash. The introductory-to-intermediate session is designed…
IBM, Red Hat, and Deloitte Announce Lightwell Collaboration to Help Strengthen Open Source Software Supply Chain Trust
6+ day, 4+ hour ago (462+ words) IBM Newsroom: NEW YORK, ARMONK, N.Y. and RALEIGH, N.C., June 26, 2026 - Deloitte, IBM (NYSE: IBM), and Red Hat today announced a collaboration to help protect the…
Don't Trust the Checkmark: Verifying Agent Provenance From the Outside
6+ day, 14+ hour ago (496+ words) Every agent-trust system ships a checkmark. The certificate verifies. The audit log is consistent. The lineage is sound. Green tick, ship it. Here's the thing about that checkmark: in almost every case, it's the issuer telling you it checked itself…
The Rise of Collective Defense for Open Source
6+ day, 22+ hour ago (1108+ words)
Software Supply Chain Security Just Got Its Own Magic Quadrant, and RL Is On It | RL Blog
1+ week, 41+ min ago (804+ words) We set out to help dev and App Sec teams secure the village: OSS dependencies, malware, more. Learn how.
AIVEX and SRIL: New models for software supply chain risk management
1+ week, 13+ hour ago (380+ words) techgig.com: New frameworks aim to enhance software supply chain security. Devashri Datta, an independent researcher and security architect, has unveiled two new models, AIVEX and SRIL, designed to improve context-aware risk analysis in software supply chains. Traditional remediation methods, which rely…