Develop Secure Software logo
Threat analysis: Malicious npm package mimics Material Tailwind CSS tool
September 23, 2022

Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

ReversingLabs has discovered a malicious npm package disguised as the software tool Material Tailwind. Here's an in-depth look at our discovery — and threat analysis. (Updated with MachO executable information.)
Read More
Rust finds its mojo: Move forward to memory-safe code
September 22, 2022

Rust finds its mojo: Move forward to memory-safe code

It’s confirmed: The Linux kernel will have Rust support soon. Linus Torvalds and Mark Russinovich say the time is now if you want to memory-safe code.
Read More
White House memo lays down the law on software supply chain security
September 19, 2022

White House memo lays down the law on software supply chain security

The new memorandum calls on firms selling software to the federal government to attest to its conformity with NIST security standards. Here's what you need to know.
Read More
Why Twitter security sucks: Half of staff has PII access
September 15, 2022

Why Twitter security sucks: Half of staff has PII access

Twitter’s former head of security, Peiter “Mudge” Zatko (pictured), has some damning things to say about the service’s DevOps security — or lack of it.
Read More
OpenSSF's npm best practices: A solid first step for software supply chain security — but trust issues remain
September 14, 2022

OpenSSF's npm best practices: A solid first step for software supply chain security — but trust issues remain

Here's what you need to know about the new OpenSSF npm security best practices.
Read More
U.S., OpenSSF school dev teams on supply chain security
September 8, 2022

U.S., OpenSSF school dev teams on supply chain security

The U.S. government is sending developers back to school with a new document. But, oh my, what a lot of words.
Read More

SUBSCRIBE

Subscribe to the develop.secure.software newsletter to stay up to speed, learn best practices and more.