Occamslabs sharing insights about cloud security

  • Kubernetes and Supply Chain Security

    Supplychain Security Kubernetes

    Running your workloads on Kubernetes (k8s) is becoming a de facto standard for many companies building software. The usual steps involve building software, running tests, building a container, hopefully doing some security scanning in the process, pushing to the registry, and deploying.

  • Vulnerability vs. Supply Chain Attack

    Supplychain Security

    A vulnerability is usually an unintended software bug that opens an attack angle for a malicious actor. The good thing about an open-source project is that the bigger the project, the more eyes are on it, and the more likely these vulnerabilities will surface and be fixed fast. In smaller or dormant projects, this is usually not the case.

  • Supply Chains and Lock Files

    Supplychain Security

    A supply chain attack is when one or more of the dependencies in your application have been compromised, and some “bad code” that is intended to harm you is running on your systems and applications. These kinds of attacks are becoming more common and more sophisticated.