The guiding tenet of computer security is that an organization’s overall security is only as strong as its weakest link. While organizations around the globe routinely employ powerful ...
As software supply chains grow increasingly interconnected, security threats continue to evolve. While common risks like third-party vulnerabilities and dependency issues are well-known, less-common ...
Everyone is talking about supply chain assurance like it is new. This is basically because of recent high-profile cases such as SolarWinds and Log4j. It’s not new. But, and this is partly evident in ...
Digital supply chain security has become a crucial topic for enterprises, especially during Cybersecurity Awareness Month. While cyberattacks may have been viewed as benign years ago, today’s ...
The rise of cyber attacks against software companies such as SolarWinds and the discovery of security vulnerabilities in popular open source software like Log4j used in critical systems have cast the ...
Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead.
In the beginning, we identified two major types of software supply chain attacks and nine minor types. The world keeps insisting on a broader definition. In the spring of 2020, it really mattered to ...