From SBOMs to AI BOMs: Why SPDX 3.0 Matters
Software bill of materials (SBOM) strategies are rapidly evolving. What began as a way to track open source components for compliance and vulnerability management is quickly expanding into something much larger: a ...
Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target
Why bother hunting for a CVE when you can just publish malicious code straight into the software supply chain? That’s the story behind the latest wave of Shai-Hulud-related npm compromises, which recently ...
Building Trusted AI Development With Kiro and Sonatype Guide
AI-powered development tools accelerate the production of software. But they also introduce a familiar challenge: how do you ensure that what's generated is secure, compliant, and trustworthy? ...
Sonatype Innovate: Real Peer Connections, Real Product Influence, Real Recognition
Software supply chain security is maturing. The practitioners leading that charge deserve more than a customer portal ...
AI Is Hard Work
"Opportunity is missed by most people because it is dressed in overalls and looks like work." — Thomas A. Edison ...
Sonatype Guide: Giving AI the Context It Needs
AI coding assistants promised to transform software development. And in many ways, they have: coding tasks that once took hours now take minutes, boilerplate nearly writes itself, and entire teams have leveled ...
The Second Coming of Shai-Hulud: Attackers Innovating on npm
The Shai-Hulud campaign is back, but this time with improved automation, persistence tactics, and a new name. In a matter of days, the self-replicating "Sha1-Hulud" malware has resulted in thousands of malicious packages, ...
Why the World’s Vulnerability Index Cannot Keep Up
The Common Vulnerabilities and Exposures (CVE) system has been called the backbone of modern cybersecurity. For decades, it's been the shared language connecting scanners, advisories, compliance frameworks, and government policy ...