
Cybercriminals are increasingly targeting the software supply chain, infiltrating open-source ecosystems to spread malware. In 2024, over 512,847 malicious packages were detected, a 156% rise from the previous year. A major attack on the Python Package Index (PyPI) disguised malware as AI chatbot tools, compromising thousands of applications before security researchers intervened.
To combat these threats, organizations must adopt Product Security Testing (PST) to assess software and hardware risks before deployment. PST goes beyond vulnerability scanning, focusing on how a product behaves in a specific environment and identifying necessary mitigations. Prioritizing high-risk applications ensures critical assets remain protected.
The SANS SEC568 course trains security professionals in black-box testing, allowing them to evaluate third-party software effectively. PST is valuable for security teams, auditors, penetration testers, developers, and SOC analysts, helping organizations make informed decisions, improve security posture, and respond proactively to supply chain threats.