September 19, 2022

White House memo lays down the law on software supply chain security

The new memorandum calls on firms selling software to the federal government to attest to its conformity with NIST security standards. Here's what you need to know.
September 14, 2022

OpenSSF's npm best practices: A solid first step for software supply chain security — but trust issues remain

Here's what you need to know about the new OpenSSF npm security best practices.
September 8, 2022

U.S., OpenSSF school dev teams on supply chain security

The U.S. government is sending developers back to school with a new document. But, oh my, what a lot of words.
September 7, 2022

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

The new guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. Here are four key takeaways.
September 6, 2022

The SBOM is evolving: 4 key trends that will boost software supply chain security

Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.
August 29, 2022

New malicious packages in PyPI: What it means for securing open source repositories

After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.