Dev & DevSecOps

March 15, 2023

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).
March 7, 2023

App sec is addicted to vulnerability reporting: Why supply chain security requires evolution

Here's what you need to know about app sec's addiction to vulnerabilities — and why application security needs to evolve to take on supply chain security.
March 7, 2023

White House cyber strategy: A love/hate story

The new National Cybersecurity Strategy will punish big software developers for failing to follow best practices. And, for the first time, make them liable.
March 2, 2023

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

New details expose that the recent hack on LastPass was worse than previously thought. Also: CISA has called for software makers who develop insecure software to be held liable.
March 1, 2023

LastPass revelations: BIG lessons for DevSecOps teams

LastPass has revealed a little more about the vault breach that occurred during August last year. And there are big, big lessons to be learned for DevSecOps teams.
February 22, 2023

Developers beware: Imposter HTTP libraries lurk on PyPI

ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries.
February 21, 2023

Lesson from Core-JS: Beware hidden dependencies from indebted Russian developers

Denis Pushkarev has big debts — and his code is everywhere. The supply chain security alarm should be at DEFCON 2 by now. We sum it up at a fast pace.
February 21, 2023

OSC&R targets software supply chain attacks

Here's what you need to know about OSC&R, along with expert insights on the new framework's potential to improve software supply chain security.