[Software Supply Chain Security] Software supply chain security top of mind for dev teams — but detection lags, by Carolynn van Arsdale. A survey of more than 300 software professionals found the threat of supply chain attacks looms large—but efforts to...

[Secure Software Blogwatch] Rejoice, devs and all! Privacy Pass standard nukes CAPTCHAs, by Richi Jennings. Apple is to support the new Privacy Pass standard, to “attest” that its users aren’t robots. Google is expected to be...

[Software Supply Chain Security] Software supply chain alert: ‘7 million’ cleartext access tokens in Travis CI logs, by Richi Jennings. Travis CI cleartext logs are trivially easy to access—all 770 million of them. And researchers have found lots of...

[Software Supply Chain Security] A (partial) history of software supply chain attacks, by Paul Roberts. SolarWinds put software supply chain hacks on the radar. But attacks aren’t new. In fact, they’re much older than you...

[Software Security] 5 CI/CD breaches analyzed: Why you need to update your software security approach, by Carolynn van Arsdale. Omer Gil and Daniel Krivelevich outlined the top 10 CI/CD security risks at RSA Conference, analyzing five recent...

[Software Supply Chain Security] MITRE’s System of Trust: A proposed standard for software supply chain security, by Paul Roberts. MITRE’s System of Trust framework is aiming to standardize how software supply chain security is assessed. MITRE's...

[Secure Software Blogwatch] How to make C++ memory-safe? Chrome targets UAF bugs with garbage collection, by Richi Jennings. The solution to use-after-free bugs is to *not* free memory. Google’s Chrome team is the latest group to jump on the...

[Threat Research] Go below the surface on tampering: The trouble with software integrity validation, by Karlo Zanki. The growing number of software supply chain attacks is putting pressure on validation of software integrity.

[Secure Software Blogwatch] Proposal: It’s time to regulate and license devs, by Richi Jennings. Software engineers are engineers. So why don’t we regulate them—as we do other professions that build critical...

[Threat Research] NPM coinminer: What you see is not always what you get, by Karlo Zanki. Source code analysis is always useful. It helps you detect threats early in the dev process. But it shouldn’t be the...