A Checkmarx report details an ‘Everything’ package distributed via the NPM registry that cripples any machine used to download it.
GitGuardian Adds Tool for Discovering Secrets in Public Repositories
GitGuardian added a tool that makes it possible for DevOps teams to search GitHub repos to determine if secrets have inadvertently found their way into other apps.
Summit Highlights Open Source Software Security Progress
The OpenSSF hosted a Secure Open Source Software (SOSS) Summit 2023 event during which it made available a Secure Open Source Software Vision Brief 2023.
Stop Leaking Secrets!
All too often, software teams trip over complexities and inadvertently leave secrets exposed in private and public software repositories.
I Guess This is Growing Up: Devs and CISA’s Secure-by-Design Guidelines
With the downward pressure of a global recession, inflation and general post-pandemic turbulence underpinning disruption to multiple facets of life, it seems only fair that we in the IT, software and security industry would eventually feel the winds of change, too. We have rolled with the punches of escalating cybercrime and data breaches; the collective, […]
The Role of SBOMs in Software Supply Chain Security
The software supply chain has become increasingly complex and dynamic with the rise of cloud computing, open source software and third-party software components and APIs. Widespread damage can occur if third-party APIs, cloud services, SDKs and open source software have security flaws. As a result, software supply chain security has emerged as a critical concern […]
Despite DevOps, Software Supply Chain Security Challenges Persist
A survey of 397 IT, cybersecurity and application development professionals conducted by Enterprise Strategy Group (ESG) found that while most respondents work for organizations that have adopted DevOps practices, multiple software supply chain security issues and DevSecOps concerns have yet to be addressed. The survey, conducted on behalf of Data Theorem, a provider of a […]
ReversingLabs: Increased Focus on Software Supply Chain Security
A global survey of 300 global executives, technology and security professionals found software containing vulnerabilities (82%) followed by secrets leaked through source code (55%), malicious code (52%) and suspicious code (46%) posed a serious risk to the business. Conducted by Dimensional Research on behalf of ReversingLabs, a provider of a platform for securing software supply […]
How DevSecOps Addresses Supply Chain Security
“The absence of security in the initial stages of system engineering is the single most significant cybersecurity gap and risk in modern system development.” This quote from tech entrepreneur Linda Rawson is a good reminder for the current cybersecurity threat situation. With software supply chain attacks increasing in aggressiveness and sophistication, organizations need to understand […]
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad.










