March 15, 2023
GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).
February 7, 2023
A whole alphabet soup of agencies, offices and councils are springing up in D.C. and beyond. They’re trying to help us with software supply chain security.
January 24, 2023
It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect. In this week’s Secure Software Blogwatch, we run and hide.
January 18, 2023
Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!
January 11, 2023
The JsonWebToken library has a serious flaw — providing yet another example of the risks in uncontrolled software supply chains.
January 4, 2023
The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI. Here's the craic.
All Stories
Software Supply Chain Security
Dev & DevSecOps
CI/CD Security
Container Security