ASPM Zen
Volume 1, Issue 12
SECURITY ALERT: OpenSSH Vulnerability CVE-2024-6387
Just a few days ago, a critical security vulnerability was discovered in OpenSSH server. Identified as CVE-2024-6387, this vulnerability is estimated to affect 1 in 3 OpenSSH servers. Dubbed “RegreSSHion,” this vulnerability enables remote unauthenticated code execution, potentially allowing attackers to gain unauthorized access and control over affected systems.
Because the vulnerability is so widespread, it poses a significant threat to millions of systems globally. Organizations need to act quickly to ensure that all vulnerable instances of OpenSSH server are updated to a secure version.
We recommend the following mitigation measures to protect against CVE-2024-6387:
To learn more about CVE-2024-6387, including steps you can take to eliminate this risk and how Cycode can automate this process, read our blog now.
Cycode Named in the Gartner® Hype Cycle™ for Platform Engineering, 2024 Report
We are excited to announce that Cycode has been recognized as a Sample Vendor for Software Supply Chain Security in the Gartner Hype Cycle for Platform Engineering, 2024 report.
Gartner defines software supply chain security as, “the set of processes and tools used to curate, create and consume software in ways that mitigate attacks against software or its use as an attack vector. Curation focuses on assessing risks of third-party software and assessing its acceptability. Creation focuses on secure development and the protection of software through verification, provenance and traceability.”
We are grateful for this recognition from Gartner. We believe it acknowledges our contribution to innovating and advancing software supply chain security as part of our complete ASPM platform. To learn more about the report and this announcement, please read our blog now.
Code Resilience in the Age of ASPM Book and Virtual Event
Two weeks ago we launched our very own book, Code Resilience in the Age of ASPM. The book was conceptualized and developed in response to the rapid technological advances that are shifting how organizations approach cybersecurity: AI, pipeline hygiene, cloud-native development, open-source software, and much more. It is a great resource for any security professional looking to make a meaningful impact on their organization's risk.
This book contains interviews from 20 leading CISOs, security professionals, and DevSecOps practitioners. Our expert contributors are industry leaders from global enterprise companies like Cisco Meraki, TikTok, Atlassian, HPE, the NFL, and more.
The book was such a success that we decided to host a virtual event with some of our key contributors.
On July 18, 2024 at 11AM ET | 8AM PT, we are hosting a virtual extravaganza: A Discussion on the Future of Code Resilience with the World’s Top CISOs.
This must-attend event has an all-star lineup and will pack the punches when it comes to AppSec insights. Our experts will discuss:
Note: We do have a very limited stash of hardcover editions of our book available to the first 30 registrants, but you must register now to request your copy.
Black Hat USA
We’re midway through July, which means that Black Hat USA is almost here! We love meeting up in person and we’d love to show you how our Complete ASPM can bring you Peace of Mind.
Here are all the ways you can meet up with us in real life!
Gartner Peer Insights: A Great ASPM Tool
Gartner Peer Insights is a great resource when shopping for new software solutions like a Complete ASPM platform. Gartner Peer Insights allows users to give their unfiltered opinion on the software they use every day. It is a great resource for anyone who wants to get the inside scoop on different tech from the people who know it best.
Did you know that Cycode is the leading ASPM vendor on Gartner Peer Insights?
Our customers have said we deliver “an impressive array of different features for DevSecOps and security scanning.” We also get top marks for responsiveness. “Compared to other vendors I've found Cycode to be honest and quick to respond, which is refreshing.” We are proud to “close gaps and improve our [customers’] security posture.” Finally, if you’re looking for a complete solution, Cycode is an “intuitive, easy to use, single source of truth ASPM platform.”
AppSec Secrets Webinar Series on Demand
Did you miss our latest webinar, “CISOs Guide to Cyber Resiliency: Security, Speed & Innovation with ASPM”? Never fear. You can watch all of our webinars on demand!
From the State of ASPM to pipeline security to secrets in code, we are here to keep you informed on the latest advancements in AppSec. Watch our full video series here at AppSec Secrets.
Additional Resources
Interested in learning more? We have a lot of ASPM-related resources. Check them out: