Tag: supply chain attacks
Why DevOps is Key to Software Supply Chain Security
Organizations can maintain their DevOps momentum while protecting the software supply chain by shifting security left ...
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...
Dev of core-js Will Flip Table ¦ Another 451 PyPI Maldeps
In this week’s #TheLongView: Denis Pushkarev is fed up with core-js freeloaders, and hundreds more malicious packages found at PyPI ...
To Prevent Supply Chain Attacks, Build Secure Code
More than a year after the massive SolarWinds cyberattack, targeted companies continue to feel its ramifications in both reputation and financial cost. Moreover, the global software supply chain remains vulnerable to severe ...
Secure Software Summit: The State of OSS Supply Chain Security
The open source software (OSS) supply chain is under attack. As evidenced by the recent Log4Shell vulnerability, the OSS supply chain is increasingly a focus for attackers seeking to exploit weak links ...
DAOPS Meetup 2021: Software Engineering, DevOps and DevSecOps
DAOPS Foundation—a non-profit organization committed to accelerating global digital transformation through technical standardization—is hosting the first-ever DAOPS Meetup on May 18. The virtual meetup will bring together DevOps leaders from Sonatype, ...
Software Supply Chain Attacks: How to Disrupt Attackers
Supply chain attacks—compromising an organization via insecure components in its software supply chain—are a growing concern for organizations. Throughout the past three years, an increasing number of open source software package repositories ...