Software supply chain security: Upgrade your AppSec for a new era

The software supply chain security landscape has shifted considerably over the last year. Two of the most significant changes have been the move to a more formalized definition of the term "software supply chain security" and the development of a better understanding of what is needed to secure the software ...
Plugging secrets leaks requires holistic software and technology stack protection

Secrets leaks have become a disturbing trend on GitHub, and may pose a serious risk to your organization's software supply chain. Developers are leaving secrets such as login credentials, API keys, SSH keys, encryption keys, and database passwords exposed in their code and comments. Unfortunately, those secrets are an integral ...
How C-SCRM could fill the gaps on supply chain security

Software supply chain security is finally getting the attention it deserves with the recent announcement of a new supply chain risk management office in the Cybersecurity and Infrastructure Security Agency (CISA). The goal of the office is an ambitious one. It wants to help agencies, industry and other partners put ...
SCA is good, but application security needs to evolve to tackle supply chain security

Software Composition Analysis (SCA) tools have become a must-have for software engineering and application security teams, largely because of the increased use of open-source and third-party software. Open-source software (OSS) use in applications is estimated to range from 40% to more than 80% ...
AI unleashed: Are you prepared for the next generation of software supply chain attacks?

Since OpenAI gave the public access to its ChatGPT application online in December, stories have appeared about how artificial intelligence (AI) can be exploited by bad actors to write malicious code. But even good actors can create security risks for their supply chains when using AI to produce code ...
The CircleCI hack is a red flag for security teams on software supply chain risk

Security teams should consider software supply chain risk through a new lens after the latest CircleCI incident ...