September 8, 2022
The U.S. government is sending developers back to school with a new document. But, oh my, what a lot of words.
September 7, 2022
The new guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. Here are four key takeaways.
September 6, 2022
Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.
August 29, 2022
After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.
August 25, 2022
Developers of the entertainment unit in the Hyundai Ioniq reused a code-signing key pair from an example, rather than generating their own.
August 18, 2022
With software supply chain attacks surging, app sec teams should shift gears from legacy vulnerabilities to open-source repos, dev tools, and tampering.
All Stories
Software Supply Chain Security
Dev & DevSecOps
CI/CD Security
Container Security