January 11, 2023

If you don't love me now: JsonWebToken breaks the software supply chain (again)

The JsonWebToken library has a serious flaw — providing yet another example of the risks in uncontrolled software supply chains.

January 4, 2023

PyTorch supply chain attack: Dependency confusion burns DevOps

The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI. Here's the craic.

January 4, 2023

10 software supply chain attacks you can learn from

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks.

December 19, 2022

SentinelSneak: Malicious PyPI module poses as security SDK

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.

December 14, 2022

Ahoy! More insecure code washes ashore with AlphaCode

Here comes AlphaCode: Another AI code-generating parlor trick spitting out vulnerabilities. Is your software security team ready for the onslaught?

December 7, 2022

ChatGPT: Parlor trick or Stack Overflow replacement?

The initial flush of enthusiasm for ChatGPT has waned. And quite a few of the bugs in the buggy code it spits out are exploitable security vulnerabilities.