Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Vietnam Launches NDAChain, the National Blockchain Platform to Acceler...
Elitery a Pioneering MSSP Partner for Google Cloud’s “Indo...
Asia Pacific’s Mobile Sector Adds $950 Billion to GDP; On Track ...
PT Kereta Api Indonesia announces nationwide email and communication o...
Will governments assert stronger oversight over tech giants deemed as ...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      The rising threats and business risks of machine identities

      The rising threats and business risks of machine identities

      Tuesday, July 22, 2025, 12:19 PM Asia/Singapore | Features, IoT Security
    • Featured

      The future of AI-powered cybersecurity

      The future of AI-powered cybersecurity

      Monday, July 21, 2025, 4:04 PM Asia/Singapore | Features, Newsletter, Tips
    • Featured

      Transcending digital disruption: How financial institutions can integrate innovation, security, and agility

      Transcending digital disruption: How financial institutions can integrate innovation, security, and agility

      Thursday, July 10, 2025, 4:16 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

LOGIN REGISTER
  • Features
    • Featured

      The rising threats and business risks of machine identities

      The rising threats and business risks of machine identities

      Tuesday, July 22, 2025, 12:19 PM Asia/Singapore | Features, IoT Security
    • Featured

      The future of AI-powered cybersecurity

      The future of AI-powered cybersecurity

      Monday, July 21, 2025, 4:04 PM Asia/Singapore | Features, Newsletter, Tips
    • Featured

      Transcending digital disruption: How financial institutions can integrate innovation, security, and agility

      Transcending digital disruption: How financial institutions can integrate innovation, security, and agility

      Thursday, July 10, 2025, 4:16 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning
FeaturesSoftware Development Lifecycle Security

Navigating the evolving software supply chain landscape

By Victor Ng | Tuesday, July 8, 2025, 4:24 PM Asia/Singapore

Navigating the evolving software supply chain landscape

At EveryOps Day 2025 held in Sydney, emphasis was on the criticality of a single software supply chain platform for effective integration of DevOps, DevSecOps, AIOps and MLOps…

Some critical DevSecOps questions need clear answers – and in real time – such as:

Which teams in your organization are using a deprecated component? Which team is responsible for introducing a vulnerability? What compliance policies are required to put a particular app into production? How do you prove that a container was approved for external distribution?

In his opening keynote at EveryOps Day 2025, Shlomi Ben Haim, CEO & Co-Founder, JFrog, emphasized that failure to effectively address issues such as these can lead to another Crowdstrike-like digital disaster.

The biggest challenge in DevSecOps today is consolidation, according to Tal Zarfati, Lead Architect, JFrog Security, in an exclusive interview with CybersecAsia at the event. With multiple tools in place, security and development teams need a single pane of glass for a single source of truth throughout the entire software development lifecycle.

Another challenge is that, with so much new software introduced in an organization, the chances of introducing security issues (malicious content, vulnerabilities, bugs etc.) are much higher. While open-source package repositories like the Python Package Index (PyPI) play a crucial role in software development, such platforms are also potential targets for malicious actors attempting to exploit application software vulnerabilities.

A case in point: Recently, the JFrog security team discovered and reported a malicious package that was uploaded to PyPI. The package collects information such as Jamf configuration, specific CI/CD environment variables, AWS account IDs, and more.

State of software supply chain

JFrog’s recent “Software Supply Chain State of the Union 2025” report analyzed the evolving software supply chain, highlighting increasing threats and challenges. Key findings include:

  • Growing complexity and risk: Organizations are using more programming languages (64% use 7+, 44% use 10+), and public repositories like Docker Hub and Hugging Face are experiencing massive growth, leading to a more complicated and risky supply chain. Over 33,000 new CVEs were reported in 2024 (up 27% year-on-year), and exposed secrets in public registries increased by 64%.
  • Security gaps: A concerning 71% of organizations allow developers to download packages directly from the internet, a major security risk. While 73% of organizations use 7 or more security solutions, many still have coverage gaps, with less than half scanning at both code and binary levels.
  • AI/ML as a new frontier of risk: The AI/ML software supply chain is rapidly growing, with over a million new models and datasets added to Hugging Face, but also a 6.5x increase in malicious models. Many organizations lack robust governance and scanning mechanisms for ML model artifacts.
  • Limited security scanning leaving blind spots: Only 43% of IT professionals say their organization applies security scans at both the code and binary levels, leaving many organizations vulnerable to security threats only detectable at the binary level. This is down from 56% last year – a sign that teams still have huge blind spots when it comes to identifying and preventing software risk as early as possible.
  • Impact on developers: Security efforts are costing organizations significantly (an average of $28k per developer per year) and negatively impacting developer experience, with developers spending around 3.6 hours per week outside working hours on security issues and frequently switching between tools.

The report emphasized the need for data redundancies, accurate applicability and impact assessments of CVEs, strict safeguarding against exposed secrets, and vigilance against increasingly sophisticated malicious actors. It also advocates for artifact management solutions to proxy public registries, automated security processes, and streamlining security tools to improve developer experience.

Enterprises are poised to pour US$227 billion into AI in 2025 – two-thirds of it on embedded, mission-critical deployments, according to IDC’s FutureScape 2025 forecast. However, Gigamon’s 2025 Hybrid Cloud Security Survey finds 91 % of CISOs are already recalibrating hybrid-cloud defenses after AI-linked system compromise rates jumped 17% year-on-year. Little wonder Gartner expects global cybersecurity budgets to leap 15 % to $212 billion in 2025, much of it ring-fenced for safeguarding new AI workloads.

Ben Haim said: “What needed to be addressed are unmanaged artifacts, slow CI/CD, lack of visibility, security gaps, and siloes. These can be resolved by artifact repository, faster release cycles, one platform for a single source of truth, and deep-scanning security – all too integrated to fail!”

Security should not slow down AI

According to Zarfati, there are several key security concerns slowing down AI adoption:

  • 79% of professionals are slowed down by security concerns over AI technologies
  • 64% are facing challenges and worried about emerging AI regulations
  • 58% are not aware of current policies around AI technologies
  • Potential risks in machine learning models, including:
    • Malicious models that could compromise systems
    • False positive security alerts that create alert fatigue
    • Potential code execution vulnerabilities in seemingly safe models
  • Rapid technological changes make it difficult to keep up with security standards, with technologies emerging and becoming obsolete within seven months

Zarfati emphasized that, while security is crucial, overly cautious approaches can also hinder innovation and AI adoption: “Organizations need balanced, research-driven security strategies that don’t completely block technological progress.”

To counter security slowing down AI adoption, he believes that developer experience is very important, and that organizations should pay attention to the changing role of developers, with security in mind.

To improve developer experience, he said: “Start with the level of ownership. The challenge is getting developers to familiarize themselves with the ownership part. They need to know what is expected of them.”

Traceability is the first keyword. Balancing a ‘blameless’ developer environment and responsible coding requires traceability. The second keyword is intent. Mistakes are inevitable, but the intent is more important, so everyone learns from the mistakes to enhance security.

He added: “Security of the software supply chain requires knowledge of trends and potentials, understanding if the hype is real or just a fad. Before innovation, you need the right protection. We need deep security expertise and innovation to keep on the bleeding edge.”

Share:

PreviousFive critical measures to make fingerprint biometrics truly secure and effective
NextReolink Prime Day Security Camera Deals 2025 Starts Now

Related Posts

Managing and protecting data in a world of tracing apps

Managing and protecting data in a world of tracing apps

Friday, June 11, 2021

Two massive data breaches, one common underlying cause

Two massive data breaches, one common underlying cause

Tuesday, July 16, 2024

How well is your data being protected?

How well is your data being protected?

Monday, February 7, 2022

Can facial recognition survive the deepfake age?

Can facial recognition survive the deepfake age?

Monday, June 10, 2024

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more
  • Thai government expands secure email management to close cybersecurity gaps

    Thai government expands secure email management to close cybersecurity gaps

    New measures address cybersecurity gaps in public sector communications, deploying advanced protections and operational support …Read more
  • How Iress optimized global DevSecOps

    How Iress optimized global DevSecOps

    Scaling compliance, security & efficiency – while seamlessly migrating to the cloud – with JFrog.Read more
  • St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    With only a small IT team, the digital transformation has united operations across 30 locations, …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.