Develop Secure Software logo
PyTorch supply chain attack: Dependency confusion burns DevOps
January 4, 2023

PyTorch supply chain attack: Dependency confusion burns DevOps

The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI. Here's the craic.
Read More
10 software supply chain attacks you can learn from
January 4, 2023

10 software supply chain attacks you can learn from

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks. 
Read More
SentinelSneak: Malicious PyPI module poses as security SDK
December 19, 2022

SentinelSneak: Malicious PyPI module poses as security SDK

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.
Read More
Ahoy! More insecure code washes ashore with AlphaCode
December 14, 2022

Ahoy! More insecure code washes ashore with AlphaCode

Here comes AlphaCode: Another AI code-generating parlor trick spitting out vulnerabilities. Is your software security team ready for the onslaught?
Read More
ChatGPT: Parlor trick or Stack Overflow replacement?
December 7, 2022

ChatGPT: Parlor trick or Stack Overflow replacement?

The initial flush of enthusiasm for ChatGPT has waned. And quite a few of the bugs in the buggy code it spits out are exploitable security vulnerabilities.
Read More
The state of software supply chain security report: Top takeaways for software development teams
December 7, 2022

The state of software supply chain security report: Top takeaways for software development teams

With supply chain attacks surging, now is the time to reflect — and look forward. ReversingLabs’ new report explores trends, best practices and more.
Read More

SUBSCRIBE

Subscribe to the develop.secure.software newsletter to stay up to speed, learn best practices and more.