Develop Secure Software logo
Go below the surface on tampering: The trouble with software integrity validation
June 2, 2022

Go below the surface on tampering: The trouble with software integrity validation

The growing number of software supply chain attacks is putting pressure on validation of software integrity
Read More
Coinminer and npm: What you see is not always what you get
June 1, 2022

Coinminer and npm: What you see is not always what you get

Source code analysis is always useful. It helps you detect threats early in the dev process. But it shouldn’t be the only tool in your security arsenal.
Read More
Beware: Overpowered plug-ins like PyPI can burn it all down
June 1, 2022

Beware: Overpowered plug-ins like PyPI can burn it all down

Here's why your software development team needs to think twice before using a powerful third-party plug-in.
Read More
It’s not a secret if you publish it on PyPI
June 1, 2022

It’s not a secret if you publish it on PyPI

Python packages can contain sensitive information. Here's how software development teams can keep secrets secret.
Read More
Groundhog day: NPM package caught stealing browser passwords
July 21, 2021

Groundhog day: NPM package caught stealing browser passwords

Today almost everyone knows that they need to protect their publicly exposed services and applications against the potential attacks from the outside
Read More
Third-party code comes with some baggage
July 7, 2021

Third-party code comes with some baggage

Recognize risks introduced by statically linked third-party libraries.
Read More

SUBSCRIBE

Subscribe to the develop.secure.software newsletter to stay up to speed, learn best practices and more.