Software Supply Chain Security

January 24, 2023

Move over, npm: Now VS Code extensions can’t be trusted

It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect. In this week’s Secure Software Blogwatch, we run and hide.
January 23, 2023

AI unleashed: Are you prepared for the next generation of software supply chain attacks?

ChatGTP and GitHub Copilot seem like a win for developers — under pressure to release new features continuously. But the code produced by generative AI needs serious scrutiny.
January 19, 2023

The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet

This week: A new software supply chain attack has been discovered on PyPI. Also: A ransomware attack on ship management software impacts 1000 vessels.
January 18, 2023

Supply chain security and compliance: Why software organizations should get out in front of requirements

Get out in front of software supply chain compliance requirements for a competitive advantage. Here's what your software organization needs to know.
January 13, 2023

The CircleCI hack is a red flag for security teams on software supply chain risk

Security teams should consider consider software supply chain risk through a new lens after the latest CircleCI incident.
January 12, 2023

App sec and the supply chain: Work in tandem with engineers to achieve true software security

Application security is foundational to the software supply chain security ecosystem. But it takes a village. Derek Fisher explains in this fireside chat. 
January 11, 2023

If you don't love me now: JsonWebToken could break the software supply chain (again)

The JsonWebToken library has a serious flaw, which could lead to remote code execution. While exploitability is questionable, it could be a big problem.
January 11, 2023

After hack, CircleCI tells devs to update secrets now

In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.