Idan Plotnik of Apiiro Security discusses the value of a risk-based approach to software development and deployment.
SolarWinds is testing a system of parallel build servers to help prevent a future supply chain attack on its infrastructure.
GitHub has patched a flaw in a backend system that in rare cases could have routed one user's authenticated session to another user's browser.
Attackers have increasingly targeted the software supply chain by populating package managers such as RubyGems and npm with malicious code.
GitHub has released a new code-scanning feature for both public and private repositories that finds security flaws before they make it into a codebase.