July 14, 2022

Devs: Prep for PQC — post-quantum cryptography

Experts say we need new key-exchange and signature algorithms, to resist attacks from quantum computing. Orgs have had a go, but now NIST has weighed in.
July 12, 2022

IconBurst npm software supply chain attack grabs data from apps and websites

ReversingLabs researchers uncovered a campaign to install malicious NPM modules harvesting sensitive data from forms embedded in mobile apps and websites.
July 7, 2022

Devs: Don’t do DIY cryptography — Police CyberAlarm shows why

It’s a truism often repeated: Don’t roll your own cryptography! The Police CyberAlarm service deftly shows why.
July 6, 2022

The state of container security: Teams and tools are key to releasing software confidently

Container adoption is ramping up. With software supply chain attacks also on the rise, you need to expand your software security approach. Here's how.
June 30, 2022

Copilot's rocky takeoff: GitHub ‘steals code’

Should you use GitHub Copilot? “No,” say open-source fans. “Heck no,” say lawyers. “Yeah,” say the sort of devs who do Stack Exchange copypasta.
June 29, 2022

Know what's in your software with SBOM facts

Not knowing what’s in your food can have consequences. The same is true for software. You need a software bill of materials (SBOM) to minimize risk.