September 28, 2022

DevOps teams: BGP security is BAD. But you can fix it

Border Gateway Protocol’s security is laughable — but there are things you can do to mitigate the risks.
September 23, 2022

Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

ReversingLabs has discovered a malicious npm package disguised as the software tool Material Tailwind. Here's an in-depth look at our discovery — and threat analysis. (Updated with MachO executable information.)
September 22, 2022

Rust finds its mojo: Move forward to memory-safe code

It’s confirmed: The Linux kernel will have Rust support soon. Linus Torvalds and Mark Russinovich say the time is now if you want to memory-safe code.
September 19, 2022

White House memo lays down the law on software supply chain security

The new memorandum calls on firms selling software to the federal government to attest to its conformity with NIST security standards. Here's what you need to know.
September 15, 2022

Why Twitter security sucks: Half of staff has PII access

Twitter’s former head of security, Peiter “Mudge” Zatko (pictured), has some damning things to say about the service’s DevOps security — or lack of it.
September 14, 2022

OpenSSF's npm best practices: A solid first step for software supply chain security — but trust issues remain

Here's what you need to know about the new OpenSSF npm security best practices.