SEARCH
Archive
Malicious Code Found in Package Repositories
Attackers have increasingly targeted the software supply chain by populating package managers such as RubyGems and npm with malicious code.
GitHub Releases Integrated Code Scanning Feature
GitHub has released a new code-scanning feature for both public and private repositories that finds security flaws before they make it into a codebase.
Decipher Podcast: David Brumley
David Brumley of Carnegie Mellon University and ForAllSecure joins Dennis Fisher to talk about securing the software supply chain.
Older Bugs in Software Add to Security Debt
In the rush to fix newer vulnerabilities, the older ones are left unaddressed. The resulting security debt increases the organization's risk of a breach, Veracode warned.
Being on the Latest Windows Version Can Thwart Zero Days
Zero day vulnerabilities exploited in the wild is never good news, but if the user's machine is running the latest version of the operating system, the chances are good that the attack won't be successful against that machine, according to a Microsoft security engineer.