August 12, 2022

NVD Analysis 2022: Why you need to modernize your software security approach

The NVD as it is today does not tell the full story of software risk. Here's why the NVD — and your software security approach — need to be modernized.

August 2, 2022

OpenSSF's open source security mobilization initiative: Inside the 10-point action plan

Here is a run-down of the 10 streams from OpenSSF's Open Source Software Security Mobilization Plan.

July 12, 2022

IconBurst npm software supply chain attack grabs data from apps and websites

ReversingLabs researchers uncovered a campaign to install malicious npm modules that harvest sensitive data from forms embedded in mobile apps and websites.

June 29, 2022

Know what's in your software with SBOM facts

Not knowing what's in your food can have consequences. The same is true for software. You need a software bill of materials (SBOM) to minimize risk.

June 23, 2022

Software supply chain security top of mind for dev teams — but tampering detection lags

A survey of more than 300 software professionals found that the threat of supply chain attacks looms large, but efforts to detect and block them are lacking.

June 16, 2022

Software supply chain alert: ‘7 million’ cleartext access tokens in Travis CI logs

Travis CI cleartext logs are trivially easy to access, all 770 million of them, and researchers have found lots of sensitive data in a sample.