Develop Secure Software logo
White House cyber strategy: A love/hate story
March 7, 2023

White House cyber strategy: A love/hate story

The new National Cybersecurity Strategy will punish big software developers for failing to follow best practices. And, for the first time, make them liable.
Read More
Google's open source team layoffs: Your software supply chain security is at risk
January 31, 2023

Google's open source team layoffs: Your software supply chain security is at risk

Firing ‘the best of the best’ in open source does not bode well for software security. Will the last to leave please turn off the lights?
Read More
Lessons from Log4Shell: 4 key takeaways for DevSecOps teams
January 26, 2023

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

Top leaders and practitioners from eBay, Fidelity, T-Mobile and Tasktop share lessons from the Log4Shell vulnerability. Here are four key takeaways.
Read More
Move over, npm: Now VS Code extensions can’t be trusted
January 24, 2023

Move over, npm: Now VS Code extensions can’t be trusted

It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect. In this week’s Secure Software Blogwatch, we run and hide.
Read More
AI unleashed: Are you prepared for the next generation of software supply chain attacks?
January 23, 2023

AI unleashed: Are you prepared for the next generation of software supply chain attacks?

ChatGTP and GitHub Copilot seem like a win for developers — under pressure to release new features continuously. But the code produced by generative AI needs serious scrutiny.
Read More
GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?
January 18, 2023

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?

Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!
Read More

SUBSCRIBE

Subscribe to the develop.secure.software newsletter to stay up to speed, learn best practices and more.