August 12, 2022
The NVD as it is today does not tell the full story of software risk. Here's why the NVD — and your software security approach — need to be modernized.
August 2, 2022
Here is a run-down of the 10 streams from OpenSSF's Open Source Software Security Mobilization Plan.
July 12, 2022
ReversingLabs researchers uncovered a campaign to install malicious NPM modules harvesting sensitive data from forms embedded in mobile apps and websites.
June 29, 2022
Not knowing what’s in your food can have consequences. The same is true for software. You need a software bill of materials (SBOM) to minimize risk.
June 23, 2022
A survey of more than 300 software professionals found the threat of supply chain attacks looms large—but efforts to detect and block them are lacking.
June 16, 2022
Travis CI cleartext logs are trivially easy to access—all 770 million of them. And researchers have found lots of sensitive data in a sample.