Checkmarx, the industry pioneer in cloud-native application security for the enterprise, announced today that its security research team, Checkmarx Zero, has launched a collaborative application security (AppSec) research hub.
Checkmarx VP of Security Research Erez Yalon said, “The Checkmarx Zero team has always shared our findings with others in the research community within our blog and at more than 100 conference sessions. We invite other AppSec and software supply chain security researchers to explore our vulnerability research and to contribute their findings as we work together to keep our organisations safe.”
Checkmarx Zero hub
The Checkmarx Zero hub includes detailed findings based on years of dedicated research, including:
- 200+ vulnerabilities curated monthly.
- More than 130 zero-days.
- In-depth research reports including malicious package names and indicators of compromise (IOCs).
Addressing vulnerabilities
Checkmarx Zero has become well-known for the discovery of some significant vulnerabilities and threat campaigns in recent years, including:
- An Amazon Ring vulnerability that could have allowed access to users’ camera recordings.
- An ongoing campaign by a group nicknamed RED-LILI, which launched hundreds of malicious packages as part of node package manager (NPM) attacks on Azure and other developers.
- The first known software supply chain attacks targeted at the banking industry.
