March 27, 2023
The new Visual Studio Code IDE hack highlights the risk of the threat spreading beyond the Extensions Marketplace. Here's how it can proliferate to npm.
March 21, 2023
Software secrets are targeted by malicious actors. Here are three key steps to mitigate risk — and best practices you can take to prevent future breaches.
March 20, 2023
Experts weigh in on a new OpenSSF SLSA framework survey — and the overall state of supply chain security practices.
March 15, 2023
GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).
March 14, 2023
Here’s how attackers are finding software development secrets buried in code repositories — and exploiting them.
March 9, 2023
Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.