Securing Software Supply Chains and Dependency Confusion – An Industry Perspective

Following a growing trend in software supply chain attacks which use “dependency or namespace confusion” techniques, I sat down for a discussion on software supply chain security with a few experts on the topic ...

White House Releases Executive Order on America’s Software Supply Chains

Following the end-of-2020 software supply chain attacks on SolarWinds that impacted multiple government agencies and private sector companies, President Biden issued a 2021 executive order asking for a comprehensive review of all government supply chains ...

The SolarWinds Software Supply Chain Attack: How Developers Can Protect Applications

If you didn’t know what a software supply chain was - let alone a software supply chain attack - you do now. As someone who’s been researching, studying and talking about this attack vector for the past seven years, the malicious attack on SolarWinds’ Orion leading to public and private ...

Money Doesn’t Buy Happiness, But Happy Developers Protect Money

If money “makes the world go ’round,” then today software developers are the ones pushing and spinning the globe. Every day developers ensure that digital money (and other financial products and services) is securely routed around the planet as intended. And the happy ones do it best. The financial ...

UPDATE: 21 SaltStack Breaches with 2900 Still Vulnerable

Categories: AppSec, SBOM, SCA

UPDATE for May 31, 2020: We first published this story over a week ago, but adversaries don't rest. On Friday, Cisco announced that they have discovered SaltStack compromises on six of their salt-master servers - part of the Cisco Internet Routing Lab Personal Edition service infrastructure. This brings the total ...

Free DevOps: Hatched in Response to COVID-19

Categories: 2020 All Day DevOps

I’ve now been working from home for 30 days since Maryland closed our public schools and advised its citizens to distance themselves. It was also 30 days ago that we had nearly 1,000 executives and managers at State Farm preparing to receive a small group of All Day DevOps speakers for ...

Continuous Delivery For All

Jez Humble’s (@jezhumble) career has spanned roles through coding, infrastructure, and product development across three continents and organizations of varying sizes. To say he knows a lot about continuous delivery is a total understatement. In 2010, he and Dave Farley literally wrote the book on Continuous Delivery — and if you have ...

Sonatype Partners with All Day DevOps to Deliver the Largest DevOps Conference for 36,000

Four years ago, my colleague Mark Miller and I founded the All Day DevOps conference with seven friends from around the community. We planned the conference in 90 days and expected 1,000 folks to show up to listen to the 57 speakers we had vetted for the agenda. As it ...