September 8, 2022

U.S., OpenSSF school dev teams on supply chain security

The U.S. government is sending developers back to school with a new document. But, oh my, what a lot of words.
September 7, 2022

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

The new guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. Here are four key takeaways.
September 6, 2022

The SBOM is evolving: 4 key trends that will boost software supply chain security

Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.
August 31, 2022

LastPass hacked (again): What devs can learn

In the most recent LastPass hack, bad actors stole source code and other secrets from its dev environment. Learn from it.
August 29, 2022

New malicious packages in PyPI: What it means for securing open source repositories

After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.
August 26, 2022

5 reasons to stop blaming developers for software security fails

It's counterproductive to blame developers for software security woes. Here are five reasons why.