September 8, 2022
The U.S. government is sending developers back to school with a new document. But, oh my, what a lot of words.
September 7, 2022
The new guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. Here are four key takeaways.
September 6, 2022
Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.
August 31, 2022
In the most recent LastPass hack, bad actors stole source code and other secrets from its dev environment. Learn from it.
August 29, 2022
After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.