Develop Secure Software logo
OWASP looks to future-proof SBOMs with CycloneDX 1.6
April 18, 2024

OWASP looks to future-proof SBOMs with CycloneDX 1.6

OWASP is upgrading the SBOM standard for the quantum era, adding ML-readable attestation and more. Here's how it boosts software supply chain security.
Read More
XZ Trojan highlights supply chain risk from 'sock puppets'
April 11, 2024

XZ Trojan highlights supply chain risk from 'sock puppets'

There is no fool-proof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three key indicators. 
Read More
Memory-safety and security by design: Key insights, lessons
March 21, 2024

Memory-safety and security by design: Key insights, lessons

Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.
Read More
NIST updates guidance: 3 ways to pump up your CI/CD security
March 5, 2024

NIST updates guidance: 3 ways to pump up your CI/CD security

The National Institute of Standards and Technology has beefed up its guidelines for securing CI/CD environments. Are you ready to bulk up your program?
Read More
The state of container security: 5 key steps to lock down releases
January 3, 2024

The state of container security: 5 key steps to lock down releases

Here are best practices — and recommendations for tooling — to modernize your software supply chain security approach.
Read More
VS Code hack shows how supply chain attacks can spread
March 27, 2023

VS Code hack shows how supply chain attacks can spread

The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.
Read More

SUBSCRIBE

Subscribe to the develop.secure.software newsletter to stay up to speed, learn best practices and more.