April 18, 2024

OWASP looks to future-proof SBOMs with CycloneDX 1.6

OWASP is upgrading the SBOM standard for the quantum era, adding ML-readable attestation and more. Here's how it boosts software supply chain security.

April 11, 2024

XZ Trojan highlights supply chain risk from 'sock puppets'

There is no fool-proof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three key indicators.

March 21, 2024

Memory-safety and security by design: Key insights, lessons

Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.

March 5, 2024

NIST updates guidance: 3 ways to pump up your CI/CD security

The National Institute of Standards and Technology has beefed up its guidelines for securing CI/CD environments. Are you ready to bulk up your program?

January 3, 2024

The state of container security: 5 key steps to lock down releases

Here are best practices — and recommendations for tooling — to modernize your software supply chain security approach.

March 27, 2023

VS Code hack shows how supply chain attacks can spread

The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.