Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deploy...
Conifers AI Opens Singapore Data Region, Bringing Local Data Residency...
Finally taken down: Residential proxy network of at least 2m smart dev...
DXC Opens Flagship AI-first Customer Experience Center in Bengaluru
AI speeds threat discovery as coverage gaps persist: survey
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

FeaturesSoftware Development Lifecycle Security

Navigating the evolving software supply chain landscape

By Victor Ng | Tuesday, July 8, 2025, 4:24 PM Asia/Singapore

Navigating the evolving software supply chain landscape

At EveryOps Day 2025 held in Sydney, emphasis was on the criticality of a single software supply chain platform for effective integration of DevOps, DevSecOps, AIOps and MLOps…

Some critical DevSecOps questions need clear answers – and in real time – such as:

Which teams in your organization are using a deprecated component? Which team is responsible for introducing a vulnerability? What compliance policies are required to put a particular app into production? How do you prove that a container was approved for external distribution?

In his opening keynote at EveryOps Day 2025, Shlomi Ben Haim, CEO & Co-Founder, JFrog, emphasized that failure to effectively address issues such as these can lead to another Crowdstrike-like digital disaster.

The biggest challenge in DevSecOps today is consolidation, according to Tal Zarfati, Lead Architect, JFrog Security, in an exclusive interview with CybersecAsia at the event. With multiple tools in place, security and development teams need a single pane of glass for a single source of truth throughout the entire software development lifecycle.

Another challenge is that, with so much new software introduced in an organization, the chances of introducing security issues (malicious content, vulnerabilities, bugs etc.) are much higher. While open-source package repositories like the Python Package Index (PyPI) play a crucial role in software development, such platforms are also potential targets for malicious actors attempting to exploit application software vulnerabilities.

A case in point: Recently, the JFrog security team discovered and reported a malicious package that was uploaded to PyPI. The package collects information such as Jamf configuration, specific CI/CD environment variables, AWS account IDs, and more.

State of software supply chain

JFrog’s recent “Software Supply Chain State of the Union 2025” report analyzed the evolving software supply chain, highlighting increasing threats and challenges. Key findings include:

  • Growing complexity and risk: Organizations are using more programming languages (64% use 7+, 44% use 10+), and public repositories like Docker Hub and Hugging Face are experiencing massive growth, leading to a more complicated and risky supply chain. Over 33,000 new CVEs were reported in 2024 (up 27% year-on-year), and exposed secrets in public registries increased by 64%.
  • Security gaps: A concerning 71% of organizations allow developers to download packages directly from the internet, a major security risk. While 73% of organizations use 7 or more security solutions, many still have coverage gaps, with less than half scanning at both code and binary levels.
  • AI/ML as a new frontier of risk: The AI/ML software supply chain is rapidly growing, with over a million new models and datasets added to Hugging Face, but also a 6.5x increase in malicious models. Many organizations lack robust governance and scanning mechanisms for ML model artifacts.
  • Limited security scanning leaving blind spots: Only 43% of IT professionals say their organization applies security scans at both the code and binary levels, leaving many organizations vulnerable to security threats only detectable at the binary level. This is down from 56% last year – a sign that teams still have huge blind spots when it comes to identifying and preventing software risk as early as possible.
  • Impact on developers: Security efforts are costing organizations significantly (an average of $28k per developer per year) and negatively impacting developer experience, with developers spending around 3.6 hours per week outside working hours on security issues and frequently switching between tools.

The report emphasized the need for data redundancies, accurate applicability and impact assessments of CVEs, strict safeguarding against exposed secrets, and vigilance against increasingly sophisticated malicious actors. It also advocates for artifact management solutions to proxy public registries, automated security processes, and streamlining security tools to improve developer experience.

Enterprises are poised to pour US$227 billion into AI in 2025 – two-thirds of it on embedded, mission-critical deployments, according to IDC’s FutureScape 2025 forecast. However, Gigamon’s 2025 Hybrid Cloud Security Survey finds 91 % of CISOs are already recalibrating hybrid-cloud defenses after AI-linked system compromise rates jumped 17% year-on-year. Little wonder Gartner expects global cybersecurity budgets to leap 15 % to $212 billion in 2025, much of it ring-fenced for safeguarding new AI workloads.

Ben Haim said: “What needed to be addressed are unmanaged artifacts, slow CI/CD, lack of visibility, security gaps, and siloes. These can be resolved by artifact repository, faster release cycles, one platform for a single source of truth, and deep-scanning security – all too integrated to fail!”

Security should not slow down AI

According to Zarfati, there are several key security concerns slowing down AI adoption:

  • 79% of professionals are slowed down by security concerns over AI technologies
  • 64% are facing challenges and worried about emerging AI regulations
  • 58% are not aware of current policies around AI technologies
  • Potential risks in machine learning models, including:
    • Malicious models that could compromise systems
    • False positive security alerts that create alert fatigue
    • Potential code execution vulnerabilities in seemingly safe models
  • Rapid technological changes make it difficult to keep up with security standards, with technologies emerging and becoming obsolete within seven months

Zarfati emphasized that, while security is crucial, overly cautious approaches can also hinder innovation and AI adoption: “Organizations need balanced, research-driven security strategies that don’t completely block technological progress.”

To counter security slowing down AI adoption, he believes that developer experience is very important, and that organizations should pay attention to the changing role of developers, with security in mind.

To improve developer experience, he said: “Start with the level of ownership. The challenge is getting developers to familiarize themselves with the ownership part. They need to know what is expected of them.”

Traceability is the first keyword. Balancing a ‘blameless’ developer environment and responsible coding requires traceability. The second keyword is intent. Mistakes are inevitable, but the intent is more important, so everyone learns from the mistakes to enhance security.

He added: “Security of the software supply chain requires knowledge of trends and potentials, understanding if the hype is real or just a fad. Before innovation, you need the right protection. We need deep security expertise and innovation to keep on the bleeding edge.”

Share:

PreviousFive critical measures to make fingerprint biometrics truly secure and effective
NextReolink Prime Day Security Camera Deals 2025 Starts Now

Related Posts

WhatsApp’s proposed policy changes stir up a hornet’s nest in India

WhatsApp’s proposed policy changes stir up a hornet’s nest in India

Friday, January 29, 2021

September 2019’s most wanted malware

September 2019’s most wanted malware

Friday, October 11, 2019

Data privacy – from understanding to believing to enforcing

Data privacy – from understanding to believing to enforcing

Wednesday, November 20, 2019

2020: a year of cyber-infamy <br>2021: a year to anticipate

2020: a year of cyber-infamy
2021: a year to anticipate

Tuesday, December 1, 2020

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deployment at QNET

    Wednesday, July 8, 2026
    The Sparsa AI Enterprise Operating …Read More »
  • Conifers AI Opens Singapore Data Region, Bringing Local Data Residency to Asia-Pacific Security Teams

    Wednesday, July 8, 2026
    With data regions now spanning …Read More »
  • DXC Opens Flagship AI-first Customer Experience Center in Bengaluru

    Tuesday, July 7, 2026
    Strengthens DXC’s India presence with …Read More »
  • D-Link Brings Advanced AI Fall Detection and Privacy Protection to Home Elderly Care with the New DCS-8610 Wi-Fi Camera

    Monday, July 6, 2026
    Advanced technologies traditionally found in …Read More »
  • ICAC Commissioner attends first IAACA European regional anti-corruption conference in Hungary

    Friday, July 3, 2026
    BUDAPEST, Hungary, July 2, 2026 …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.