September 19, 2022
The new memorandum calls on firms selling software to the federal government to attest to its conformity with NIST security standards. Here's what you need to know.
September 14, 2022
Here's what you need to know about the new OpenSSF npm security best practices.
September 8, 2022
The U.S. government is sending developers back to school with a new document. But, oh my, what a lot of words.
September 7, 2022
The new guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. Here are four key takeaways.
September 6, 2022
Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.
August 29, 2022
After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.