June 14, 2022

A (partial) history of software supply chain attacks

SolarWinds put software supply chain hacks on the radar. But attacks aren’t new. In fact, they’re much older than you suspect! Here’s a (partial) history.
June 10, 2022

MITRE’s System of Trust: A proposed standard for software supply chain security

MITRE’s System of Trust framework is aiming to standardize how software supply chain security is assessed. MITRE's Robert Martin explains.
June 2, 2022

Go below the surface on tampering: The trouble with software integrity validation

The growing number of software supply chain attacks is putting pressure on validation of software integrity
June 1, 2022

Coinminer and npm: What you see is not always what you get

Source code analysis is always useful. It helps you detect threats early in the dev process. But it shouldn’t be the only tool in your security arsenal.
June 1, 2022

Beware: Overpowered plug-ins like PyPI can burn it all down

Here's why your software development team needs to think twice before using a powerful third-party plug-in.
June 1, 2022

It’s not a secret if you publish it on PyPI

Python packages can contain sensitive information. Here's how software development teams can keep secrets secret.