Develop Secure Software logo
OWASP looks to future-proof SBOMs with CycloneDX 1.6
April 18, 2024

OWASP looks to future-proof SBOMs with CycloneDX 1.6

OWASP is upgrading the SBOM standard for the quantum era, adding ML-readable attestation and more. Here's how it boosts software supply chain security.
Read More
XZ Trojan highlights supply chain risk from 'sock puppets'
April 11, 2024

XZ Trojan highlights supply chain risk from 'sock puppets'

There is no fool-proof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three key indicators. 
Read More
Suspicious NuGet package grabs data from industrial systems
March 26, 2024

Suspicious NuGet package grabs data from industrial systems

Espionage has long been a driver for malicious cyber campaigns. Here's what the RL research team knows about the suspicious SqzrFramework480 campaign.
Read More
Memory-safety and security by design: Key insights, lessons
March 21, 2024

Memory-safety and security by design: Key insights, lessons

Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.
Read More
NIST updates guidance: 3 ways to pump up your CI/CD security
March 5, 2024

NIST updates guidance: 3 ways to pump up your CI/CD security

The National Institute of Standards and Technology has beefed up its guidelines for securing CI/CD environments. Are you ready to bulk up your program?
Read More
Attackers leverage PyPI to sideload malicious DLLs
February 20, 2024

Attackers leverage PyPI to sideload malicious DLLs

RL discovered two malicious PyPI packages and a larger subsequent campaign of packages — highlighting that DLL sideloading is an emerging method for software supply chain attacks.
Read More

SUBSCRIBE

Subscribe to the develop.secure.software newsletter to stay up to speed, learn best practices and more.