develop.secure.software | Practical knowledge for dev and release teams (2)

Threat Research

Beware: Overpowered plug-ins like PyPI can burn it all down

Karlo Zanki

Here's why your software development team needs to think twice before using a powerful third-party plug-in.

Threat Research

It’s not a secret if you publish it on PyPI

Karlo Zanki

Python packages can contain sensitive information. Here's how software development teams can keep secrets secret.

Threat Research

Groundhog day: NPM package caught stealing browser passwords

Karlo Zanki

Today almost everyone knows that they need to protect their publicly exposed services and applications against the...

Threat Research

Third-party code comes with some baggage

Karlo Zanki

Recognize risks introduced by statically linked third-party libraries.

Threat Research

It only takes one line of code to ruin your day

Chris Hoff

Much like SolarWinds before it, this incident shows we need to take a more critical look at the software we are using...

Software Assurance

A CISO’s guide to protecting against modern software threats

Chris Hoff

How to Rebuild Trust in the SDLC and 3rd Party Software Supply Chain

Threat Research

SunBurst: The next level of stealth

Tomislav Peričin

SolarWinds compromise exploited through sophistication and patience

Threat Research

Mining for malicious Ruby gems

Tomislav Maljic

Typosquatting barrage on RubyGems software repository users

Software Supply Chain Security

Why you need to prioritize development and software supply chain security

ReversingLabs

Enterprise software development graduated from the “waterfall” framework of development and operations

Software Supply Chain Security

How to detect software supply chain attacks

ReversingLabs

There are many reasons software supply chain attacks are attractive to cyber criminals

Threat Research

Beware: Overpowered plug-ins like PyPI can burn it all down

Karlo Zanki

Here's why your software development team needs to think twice before using a powerful third-party plug-in.

Threat Research

It’s not a secret if you publish it on PyPI

Karlo Zanki

Python packages can contain sensitive information. Here's how software development teams can keep secrets secret.

Threat Research

Groundhog day: NPM package caught stealing browser passwords

Karlo Zanki

Today almost everyone knows that they need to protect their publicly exposed services and applications against the...

Threat Research

Third-party code comes with some baggage

Karlo Zanki

Recognize risks introduced by statically linked third-party libraries.

Threat Research

It only takes one line of code to ruin your day

Chris Hoff

Much like SolarWinds before it, this incident shows we need to take a more critical look at the software we are using...

Software Assurance

A CISO’s guide to protecting against modern software threats

Chris Hoff

How to Rebuild Trust in the SDLC and 3rd Party Software Supply Chain

Threat Research

SunBurst: The next level of stealth

Tomislav Peričin

SolarWinds compromise exploited through sophistication and patience

Threat Research

Mining for malicious Ruby gems

Tomislav Maljic

Typosquatting barrage on RubyGems software repository users

Software Supply Chain Security

Why you need to prioritize development and software supply chain security

ReversingLabs

Enterprise software development graduated from the “waterfall” framework of development and operations

Software Supply Chain Security

How to detect software supply chain attacks

ReversingLabs

There are many reasons software supply chain attacks are attractive to cyber criminals