September 7, 2022
The new guidance codifies lessons from the SolarWinds hack, including how to secure third-party code and development pipelines. Here are four key takeaways.
September 6, 2022
Software bills of materials will never be a panacea for software supply chain security. However, here are key trends that will deliver some welcome evolution.
August 31, 2022
In the most recent LastPass hack, bad actors stole source code and other secrets from its dev environment. Learn from it.
August 29, 2022
After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.
August 26, 2022
It's counterproductive to blame developers for software security woes. Here are five reasons why.
August 25, 2022
Developers of the entertainment unit in the Hyundai Ioniq reused a code-signing key pair from an example, rather than generating their own.