SEARCH
Archive
Ingredient List Only Part of the Recipe to Fix Supply Chain Security
The requirement for vendors to provide a software bill of materials for the apps they sell to federal agencies will only address part of the supply chain risk, experts say.
Q&A: Idan Plotnik
Idan Plotnik of Apiiro Security discusses the value of a risk-based approach to software development and deployment.
In Wake of SolarWinds Breach, the Challenge of Building Secure Software Remains
SolarWinds is testing a system of parallel build servers to help prevent a future supply chain attack on its infrastructure.
GitHub Fixes Bug That Could Have Routed Authenticated Sessions to Other Users
GitHub has patched a flaw in a backend system that in rare cases could have routed one user's authenticated session to another user's browser.
Malicious Code Found in Package Repositories
Attackers have increasingly targeted the software supply chain by populating package managers such as RubyGems and npm with malicious code.