June 10, 2022

MITRE’s System of Trust: A proposed standard for software supply chain security

MITRE’s System of Trust framework is aiming to standardize how software supply chain security is assessed. MITRE's Robert Martin explains.
June 7, 2022

How to make C++ memory-safe? Chrome targets UAF bugs with garbage collection

The solution to use-after-free bugs is to *not* free memory. Google’s Chrome team is the latest group to jump on the “temporal memory safety” bandwagon.
June 2, 2022

Go below the surface on tampering: The trouble with software integrity validation

The growing number of software supply chain attacks is putting pressure on validation of software integrity.
June 2, 2022

Proposal: It’s time to regulate and license devs

Software engineers are engineers. So why don’t we regulate them—as we do other professions that build critical infrastructure?
June 1, 2022

Coinminer and npm: What you see is not always what you get

Source code analysis is always useful. It helps you detect threats early in the dev process. But it shouldn’t be the only tool in your security arsenal.
June 1, 2022

Beware: Overpowered plug-ins like PyPI can burn it all down

Here's why your software development team needs to think twice before using a powerful third-party plug-in.