Develop Secure Software logo
VS Code hack shows how supply chain attacks can extend to other software development tools
March 27, 2023

VS Code hack shows how supply chain attacks can extend to other software development tools

The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.
Read More
Secrets Exposed: How to mitigate risk from secrets leaks — and prevent future breaches
March 21, 2023

Secrets Exposed: How to mitigate risk from secrets leaks — and prevent future breaches

Software secrets are targeted by malicious actors. Here are three key steps to mitigate risk — and best practices you can take to prevent future breaches.
Read More
Software supply chain security practices are maturing — but it's a work in progress
March 20, 2023

Software supply chain security practices are maturing — but it's a work in progress

Experts weigh in on a new OpenSSF SLSA framework survey — and the overall state of supply chain security practices.
Read More
GitHub enforces 2FA — it’s about time (given the state of supply chain security)
March 15, 2023

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).
Read More
Secrets Exposed: How hackers are gaining access to software secrets
March 14, 2023

Secrets Exposed: How hackers are gaining access to software secrets

Here’s how attackers are finding software development secrets buried in code repositories — and exploiting them. 
Read More
PyPI repo poisoned with "Colour-Blind" RAT
March 9, 2023

PyPI repo poisoned with "Colour-Blind" RAT

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.
Read More

SUBSCRIBE

Subscribe to the develop.secure.software newsletter to stay up to speed, learn best practices and more.