Open Source and Software Supply Chain Risks
‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought
Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...
‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE
Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi
Snow joke: A Microsoft researcher found it—and it’s somehow Microsoft’s fault ...
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Black Duck audits reporting update: Streamlined view of risks and remediation steps
New Synopsys Black Duck® engagement summary report summarizes a breadth of insights across all domains of software due diligence. Introducing the new engagement summary report Synopsys is offering a new Black Duck® ...
The parallels of AI and open source in software development
Parallels between the history of open source and the rise of AI in software development can teach us valuable AppSec lessons ...
The rise of AI in software development
Generative artificial intelligence tools are changing the world and the software development landscape significantly. Our webinar series will help you understand how ...
Why nontechnical organizations need due diligence
Software impacts tech and nontech businesses alike, which is why a strategic acquirer or PE firm always needs due diligence. ...
Defending against malicious packages in the npm ecosystem and beyond
Learn how to shield your organization from the danger of malicious packages in the npm ecosystem and beyond. ...
