SOFTWARE AND TECHNOLOGY

Jetstack Announces Industry-First Software Supply Chain Security Toolkit

Jetstack | May 18, 2022

Jetstack Announces Industry-First
Jetstack, a Venafi company and leader in cloud native, open source and strategic consulting services,  announced the availability of an easy-to-use, interactive and comprehensive toolkit for securing modern software supply chains. The visual, web-based resource is available to everyone and is designed to help organizations evaluate and plan the crucial steps they need to tackle effective software supply chain security. Software supply chain security has become an increasingly critical issue for all organizations.

After the attack against Solar Winds at the end of 2020 that affected over 1800 companies, software supply chain attacks increased over 300 percent in 2021.Most organizations now understand the urgency and importance of improving the security of the software they consume and produce, said Matthew Bates, chief technology officer for Jetstack.

The problem is that it's very challenging to identify and prioritize the changes that need to be made whilst also managing the competing priorities of their development and security communities. It's very difficult to figure out how to continually improve development velocity and reduce time to deployment while, at the same time, improve control, visibility and security. Our toolkit helps development and security teams quickly figure out where to start by identifying the difficulty and impact connected to specific security controls.

The Software Supply Chain toolkit consolidates advice and recommendations from multiple frameworks and whitepapers that each provide comprehensive guidance for software supply chain security including:

  • CNCF ‘Software Supply Chain Best Practices’ whitepaper
  • The Linux Foundation SLSA (Supply-chain Levels for Software Artifacts)
  • NIST Guidance on Executive Order 14028 Improving Software Supply Chain Security
  • Venafi blueprint for building secure software development pipelines

The interactive toolkit presents the guidance from these frameworks broken down into four key areas: build pipelines, source code, provenance and deployment. Recommendations from each section include insights on priority and complexity along with links to the original open source toolsets that can help with that specific recommendation.

“Software supply chain attacks target a whole range of vulnerabilities at different points in the software life cycle, Solving these challenges requires going through a whole range of controls that go well beyond a software bill of materials (SBOMs), which is just one of the 54 recommendations. The Software Supply Chain toolkit is a new type of collaboration with the open source community designed to help the industry develop proactive and preventative solutions that are purpose built for existing and emerging development processes.”

-Steve Judd, senior solutions architect for Jetstack and the developer of the toolkit

Visit https://jetstack.io/software-supply-chain/ to view the toolkit.

About Jetstack
Jetstack, a Venafi company, is a cloud native products and strategic consulting company working with enterprises using Kubernetes and OpenShift. Venafi is the cybersecurity market leader and innovator of machine identity management.

An open source pioneer, Jetstack has achieved notable industry recognition as the creator of cert-manager which is the open source industry standard for cloud native machine identity management. Jetstack’s open source products and solutions protect the application environments and platform infrastructure of global banks, multinational retailing companies and defense organizations.

Venafi and Jetstack are pioneers of enterprise machine identity security, and Jetstack provides enterprise platform and security teams the power to build, scale and secure their cloud native infrastructure for advanced developer automation, workload security and application innovation.

Spotlight

This whitepaper serves as a support for all those who deal with the implementation of a supply chain risk management. Target this stand-guide is to give companies a checklist of all relevant performance ingredients for a professional composition of a supply chain risk management at hand.


Other News
LOGISTICS

CalAmp’s Tracker Brings Secure Supply Chain Visibility Solution to Pan-European Transportation and Logistics Operators

CalAmp | May 16, 2022

CalAmp (Nasdaq: CAMP), a connected intelligence company helping people and organizations improve operational performance with a data-driven solutions ecosystem, announced its subsidiary, Tracker Network (U.K.) Ltd., is offering its Supply Chain Visibility solution to pan-European transportation and logistics operators to deliver reliable, cost-effective, end-to-end cargo tracking of shipments. The solution will particularly benefit multinational businesses in the pharmaceutical, electronics, biotech, food and consumer goods industries looking to secure high-value, high-risk shipments in transit, while also improving supply chain efficiency and offering essential documentation for regulatory compliance purposes. CalAmp’s Supply Chain Visibility solution is enabled by a portfolio of wireless sensors and other reusable and single-use devices that can be affixed to assets to track and collect critical data, such as temperature, light, shock, vibration and location. The solution enables operators to monitor cargo throughout the shipment journey from a manufacturer through land, sea and air touchpoints to the final destination. Upon arrival, the sensors automatically synchronize with CalAmp’s fixed and mobile hubs to support chain of custody documentation and environmental reporting. Sensor data sent through the CalAmp Telematics Cloud can be directly integrated into warehouse, fleet and logistics management systems via Application Programming Interfaces (APIs). “The pandemic brought to light many challenges within the global supply chain, from port and border closures to product shortages and COVID-19 vaccine shipments. Manually tracking goods in transit exposes cargo to human error and theft, and limits visibility into environmental damage,” explained Mark Rose, managing director for Tracker. “Sensor- and API-enabled smarter logistics systems like CalAmp’s Supply Chain Visibility solution prove invaluable in reducing freight spoilage, optimizing supply chain performance, documenting chain of custody and protecting brand integrity.” The CalAmp Supply Chain Visibility solution provides: Reporting and data analytics: Logging of data to help document chain of custody in compliance with Food Safety Modernization Act (FSMA) and Good Distribution Practice (GDP) requirements Critical alerts and notifications: Immediate web-based and mobile alerts when a shipment exceeds a predetermined temperature range or goes out of the authorized shipping zone, enabling supply chain operators to take corrective action to minimize spoilage and loss Near real-time location tracking: CalAmp’s smart sensors and disposable devices utilize GPS tracking to provide near real-time delivery estimates, current location and progress reports even when cargo is in the hands of a third-party provider Geofencing and route fencing: Alerts notify users if the cargo deviates from the planned route or strays from authorized waypoints Stationary and movement detection: Detection of when a shipment is moving or stalled, which is especially important when navigating high risk areas in route between waypoints API integration: CalAmp integrates with Electronic Data Interchange (EDI) or Enterprise Resource Planning (ERP) systems to facilitate information sharing, collaboration and transparency along the entire supply chain External sharing of critical sensor readings and history: A device’s sensory reading, location and historical data can be shared with other stakeholders including third-party logistics providers (3PLs), private fleet operators, warehouses and distribution centers. “The need for real-time, end-to-end cargo visibility has never been greater than in today’s complex, just-in-time global supply chain. Manufacturers, logistics operators, consumers and regulators all want to ensure their shipments in transit adhere to strict safety and compliance requirements and will arrive quickly and as expected, We’re excited to provide this level of visibility and intelligence to the European market through our Supply Chain Visibility solution. For our customers shipping goods across pan-European regions, these location and environmental insights will strengthen the reliability, security and efficiency of their operations to benefit all stakeholders in the supply chain.” -Jeff Clark, chief product officer, CalAmp. About Tracker Network (UK) Limited Tracker Network (UK) Limited, a wholly owned subsidiary of CalAmp, has been leading the way in the field of stolen vehicle recovery and insurance and fleet telematics since 1993. With over a million market-leading security and telematics systems fitted to vehicles including passenger cars, motorcycles, commercial vehicles and plant and construction equipment, Tracker’s connected intelligence solutions help people and businesses work smarter. Together with the police, Tracker has to date recovered over £571 million worth of stolen vehicles and continues to recover on average £1 million worth of stolen vehicles each month. Tracker’s award-winning products ensure its customers have complete peace of mind. For more information, visit www.tracker.co.uk or LinkedIn, Facebook, Twitter, Instagram or Tracker Insights.      About CalAmp CalAmp (Nasdaq: CAMP) is a connected intelligence company that leverages a data-driven solutions ecosystem to help people and organizations improve operational performance. We solve complex problems in transportation and logistics, commercial and government fleet, industrial equipment and consumer vehicle marketplaces by providing solutions that track, monitor and recover vital assets. The insights enabled by our cloud platform, applications and edge computing devices drive operational visibility, safety, efficiency, maintenance and sustainability. Headquartered in Irvine, California, CalAmp has over one million software and services subscribers and 10 million edge devices deployed worldwide. For more information, visit calamp.com, or LinkedIn, Facebook, Twitter, YouTube or CalAmp Blog. CalAmp, LoJack, TRACKER, Here Comes The Bus, Bus Guardian, iOn Vision, CrashBoxx and associated logos are among the trademarks of CalAmp and/or its affiliates in the United States, certain other countries and/or the EU. Spireon acquired the LoJack® U.S. Stolen Vehicle Recovery (SVR) business from CalAmp and holds an exclusive license to the LoJack mark in the United States and Canada. Any other trademarks or trade names mentioned are the property of their respective owners.

Read More

TRANSPORTATION

Enghouse Transportation Partners with Switchio To expand Transit Customer Payment Offering

Enghouse Transportation | April 13, 2022

Enghouse Transportation, a unit of Enghouse Systems Limited (TSX: ENGH) has partnered with electronic payment firm Switchio (a division of Monet+) to expand its automated transit fare collection offering. Enghouse Transportation, an established provider of automated fair collection transit software solutions in the Netherlands, Central Europe and Eastern Europe, is expanding into the North American market. Our strategic cooperation with Switchio bolsters our ability to deliver transit solutions in the United States, Canada and other markets, said Toofan Otaredian, Managing Director of Enghouse Transportation. "Switchio has unique strengths in its Smart Cities portfolio, especially EMV card acceptance in public transit and parking. Switchio also offers modular solutions that enable quick and effortless EMV bank card payments for transit systems and operators." Switchio is headquartered in the Czech Republic. The Company participated in the country's first chip payment card systems. "We're very pleased to embark on this new collaboration with Enghouse, We have already established a presence in the Americas with a successful implementation in Guatemala and another is currently underway in Chile. We now look forward to introducing our innovative digitalization solution to the North American market." -Switchio transport business leader, Jaroslav Stuchlík About Enghouse Transportation Enghouse Transportation is an innovative provider of end-to-end electronic ticketing technologies that also provides transit agencies and operators with improved passenger experiences and cost-cutting hardware and software solutions. Customized to the needs of each client, Enghouse Transportation delivers expert solutions in automated fare collection (AFC), sales and service, and back-office systems. For more information, please visit www.enghousetransportation.com. About Switchio Switchio is a powerful software platform that enables public transit operators to manage multiple open-loop electronic payments in a variety of ticketing modes under a single system. Delivered as a comprehensive white-label solution for contactless passenger ticketing, it brings operators substantial savings while elevating the passenger experience to new levels of convenience. In addition to transport, Switchio also has applications in sectors that include retail, parking and petrol stations. At its core is a secure payment switch that gives businesses the ability to partner with the acquirer and hardware provider of their choice. For more information, please visit Switchio.com.

Read More

LOGISTICS

Accenture Completes Acquisition of Capabilities from Trancom ITS

Accenture | July 04, 2022

Accenture (NYSE: ACN) has completed its acquisition of digital engineering and operational technology capabilities from Trancom ITS, a Japanese logistics technology services provider. Terms of the transaction, which Accenture announced on March 28, 2022, were not disclosed. Approximately 190 Transcom ITS engineers have joined Accenture Industry X in Japan as part of the transaction. They specialize in cloud-based logistics systems and optimizing warehouse operations with IoT and sensor technology. The acquisition strengthens Accenture’s digital engineering, manufacturing and logistics capabilities to offer hyper-automation solutions at scale, which manufacturing and logistics companies in Japan are increasingly demanding. About Accenture Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services and Accenture Song — all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 710,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at accenture.com.

Read More

TRANSPORTATION

Morgan Truck Body Unveils Electrified Truck Dry Freight Body of the Future During Work Truck Week 2022

Morgan Truck Body | March 10, 2022

Customers eager to transition to an electrified fleet can see the future up close as Morgan Truck Body unveils a prototype 24-foot dry freight cargo van body at Work Truck Week, March 8-11, 2022 in Indianapolis.“As Morgan Truck Body celebrates its 70th year, we are pushing forward with our goal to provide the most innovative EV solutions by working with Navistar to integrate our next-generation bodies with their electrified chassis,” says Tom Diez, Vice President Sales and Marketing at Morgan Truck Body, the largest manufacturer of medium-duty freight and refrigerated van and truck bodies in North America. “The last several years have also brought significant changes in e-commerce, middle- and last-mile delivery, and the movement of household goods. The demand for moving trucks, daily rentals and delivery box trucks has exploded as well as the demand for EV-focused fleets. Morgan is focused on customer solutions for the transition to zero-emission freight transportation.” “Navistar is committed to a zero-emission future and is proud to collaborate with Morgan on innovative electric chassis and body solutions,The partnership between Morgan and Navistar highlights the success of collaboration and technology integration as well as future possibilities with electric vehicle technology. This integration has led to new ideas and future product considerations that will continue to improve our customer experience and ensure successful adoption of electric vehicles as part of a holistic ecosystem solution.” -Jason Gies, Vice President, eMobility Business Development, Navistar. The Morgan Truck Body prototype incorporates new technologies and innovative features including: Weight Reduction – Engineered to offset the added weight associated with EV chassis, Morgan is using advanced composite wall panels and lighter materials for the frame, subframe and accessories to address payload capacity concerns, all without compromising structural integrity. Improved Aerodynamics – Addition of cab-mounted fairing, side skirting and wheel covers to extend operating range by reducing aerodynamic drag. Enhanced Situational Awareness – Cameras, sensors, and artificial intelligence designed to alert drivers to possible road hazards and distracted driving behavior, 360-degree vision systems that provide both the driver and loading personnel full visibility to the surrounding environment, and interior cargo cameras to detect hazardous load shift conditions. Morgan is investing heavily in manufacturing capacity for mounting commercial truck bodies to an electrified chassis. Strategic locations will be upgraded with charging infrastructure, new tools and processes, as well as training to ensure we are ready for this new future,” says Corby Stover, Vice President of Engineering at Morgan Truck Body. In addition to our current R&D efforts, we are developing an Innovation Lab at our Morgantown Headquarters that will be dedicated to improving materials and processes for EV upfitting solutions. Morgan Truck Body is painting a new picture for the future with plans for exciting EV-centric commercial truck body technologies. About Morgan Truck Body, LLC Those who depend on trucks to move their business choose Morgan Truck Body. As the company celebrates its 70th Anniversary, Morgan remains committed to its mission to design, build, sell, and support the most reliable truck bodies in the world, as the preferred global partner providing innovative middle-mile solutions connecting the world’s supply chain. Founded in 1952 and headquartered in Morgantown, PA, Morgan Truck Body is the largest manufacturer of light- and medium-duty truck bodies in North America. Morgan employs over 2,300 team members in 14 manufacturing locations and 8 service centers across the United States and Canada. Morgan Truck Body, LLC is a subsidiary of JB Poindexter & Co, an owner-operated business enterprise providing best-in-class automotive and manufacturing goods and services. www.MorganCorp.com About Navistar Navistar, Inc. (“Navistar”) is a purpose-driven company, reimagining how to deliver what matters to create more cohesive relationships, build higher-performing teams and find solutions where others don’t. Based in Lisle, Illinois, Navistar or its subsidiaries and affiliates produce International® brand commercial trucks and engines, IC Bus® brand school and commercial buses, all-makes OnCommand® Connection advanced connectivity services, and Fleetrite®, ReNEWed® and Diamond Advantage® brand aftermarket parts, and includes a Brazilian manufacturer of engines and gensets, MWM Motores Diesel e Geradores. With a history of innovation dating back to 1831, Navistar has more than 14,500 employees worldwide and is part of TRATON SE, a global champion of the truck and transport services industry. www.Navistar.com

Read More

Spotlight

This whitepaper serves as a support for all those who deal with the implementation of a supply chain risk management. Target this stand-guide is to give companies a checklist of all relevant performance ingredients for a professional composition of a supply chain risk management at hand.

Resources