March 7, 2023
The new National Cybersecurity Strategy will punish big software developers for failing to follow best practices. And, for the first time, make them liable.
March 7, 2023
Here's what you need to know about app sec's addiction to vulnerabilities — and why application security needs to evolve to take on supply chain security.
February 23, 2023
The Circle CI breach and other recent hacks expose why the secrets problem is so prolific. Learn the why in this first post in our Secrets Revealed series.
February 9, 2023
Aabquerys is a malicious npm package discovered typosquatting on a legitimate npm module that downloads malicious components, ReversingLabs discovered.
February 7, 2023
A whole alphabet soup of agencies, offices and councils are springing up in D.C. and beyond. They’re trying to help us with software supply chain security.
January 31, 2023
Firing ‘the best of the best’ in open source does not bode well for software security. Will the last to leave please turn off the lights?