An analysis published by ReversingLabs, a provider of tools for securing application development environments, suggests that commercial software used in software supply chains is just as vulnerable as open-source code.
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad.
Microservices Adoption and the Software Supply Chain
Software development is undergoing industrialization, with more and more software rapidly assembled out of components and an emphasis on building automation around software validation and release processes. Modern cloud-native software is no longer a monolithic application living in a single repo with the majority of its dependencies self-contained. It is integrated from third-party components provided […]
DevSecOps Trends to Know For 2021
For DevSecOps leaders, 2021 will be the year of the open source supply chain attack. It’s already starting, in fact. On January 7, security researchers at Sonatype identified three malicious Java components in the Maven Central repository. The components had identical names to reputable components. Then on January 20, the same research team found three […]
The 2016 State of Software Supply Chain Report is Here
Our State of the Software Supply Chain Report has just been released. Over the past year, we’ve amassed a great deal of data with respect to the staggering volume and variety of open source components flowing through software supply chains into development environments. This year, we assessed behaviors across 3,000 organizations and performed deep analysis […]
DevOpsSec: 1 in 16 Chances
The quantitative research summarized below, covering over 7,000 repositories across nearly 100 countries, highlights some of the challenges with quality at modern development velocities, especially important for DevOpsSec practices. By leveraging automation in your repository manager, you can improve application quality and reduce unplanned work while lowering exposure to risk. While this practice supports DevOpsSec initiatives, at […]
DevOps Leadership Series: Software Supply Chains
We kicked off this series on Monday with Gene Kim (@RealGeneKim) sharing his views on the big theme for DevOps in 2015: proving that DevOps is applicable for large organizations. Another theme that arose often during our recent “DevOps: Wine-ing, Not Whining” event was the importance of software supply chains. Every software development organization has a software […]







