Develop Secure Software logo
W4SP continues to nest in PyPI: Same supply chain attack, different distribution method
December 1, 2022

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Here's ReversingLabs' discoveries and indicators of compromise (IOCs) for W4SP, as well as links to our YARA rule that can be used to detect the malicious Python packages in your environment. 
Read More
Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security
December 1, 2022

Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security

One year ago, a vulnerability in Apache’s Log4j turned the security world on its ear. What has changed since then? Here are the key takeaways from Log4Shell's legacy.
Read More
Meta’s GDPR fine: Why your DevOps needs red teaming
November 30, 2022

Meta’s GDPR fine: Why your DevOps needs red teaming

Meta’s been fined $276 million for scraping data. What can you do to prevent this in your dev shop?
Read More
GitHub repojacking attack: 10 lessons for software teams
November 23, 2022

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.
Read More
Your support must scale: Don’t be like Meta, dev teams
November 22, 2022

Your support must scale: Don’t be like Meta, dev teams

Your users have targets on their backs: Is your dev team tooling up for that?
Read More
4 ways GitOps can help secure your software pipeline
November 21, 2022

4 ways GitOps can help secure your software pipeline

GitOps can help control configuration drift and enable your infrastructure security to shift left, for starters. Here are four ways it can enable better software security.
Read More

SUBSCRIBE

Subscribe to the develop.secure.software newsletter to stay up to speed, learn best practices and more.