January 24, 2023
It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect. In this week’s Secure Software Blogwatch, we run and hide.
January 23, 2023
ChatGTP and GitHub Copilot seem like a win for developers — under pressure to release new features continuously. But the code produced by generative AI needs serious scrutiny.
January 18, 2023
Get out in front of software supply chain compliance requirements for a competitive advantage. Here's what your software organization needs to know.
January 17, 2023
Security teams should consider consider software supply chain risk through a new lens after the latest CircleCI incident.
January 11, 2023
The JsonWebToken library has a serious flaw — providing yet another example of the risks in uncontrolled software supply chains.
January 4, 2023
The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI. Here's the craic.
All Stories
Software Supply Chain Security
Dev & DevSecOps
CI/CD Security
Container Security