August 31, 2022

LastPass hacked (again): What devs can learn

In the most recent LastPass hack, bad actors stole source code and other secrets from its dev environment. Learn from it.

August 29, 2022

New malicious packages in PyPI: What it means for securing open source repositories

After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.

August 26, 2022

5 reasons to stop blaming developers for software security fails

It's counterproductive to blame developers for software security woes. Here are five reasons why.

August 25, 2022

Hyundai devs used sample code signing keys, making updates vulnerable

Developers of the entertainment unit in the Hyundai Ioniq reused a code-signing key pair from an example, rather than generating their own.

August 22, 2022

To secure your CI/CD pipelines, round up the usual suspects

Exploring the “how” of CI/CD compromises, researchers show many of the culprits will be familiar to security teams.

August 18, 2022

6 reasons app sec teams should shift gears and go beyond legacy vulnerabilities

With software supply chain attacks surging, app sec teams should shift gears from legacy vulnerabilities to open-source repos, dev tools, and tampering.