Most common security acronyms explained

By DJ Schleen on March 02, 2020 (category: security)

8 minute read time

SAST, DAST, CSA, OSSM, SCA? What do these acronyms mean, what exactly do they do, and why does it matter?

Gartner: You Must Assess Overall Software Health and Welfare

By Katie McCaskey on February 24, 2020 (category: Gartner)

4 minute read time

Gartner reports that mature organizations are expanding open-source management to include health assessment by default.

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

By Katie McCaskey on September 13, 2019 (category: security)

2 minute read time

The largest gathering of infosec professionals met in Washington, D.C. to discuss the future of web security. Open source software is at the core of it.

Development Velocity Is a Surprisingly Good Thing, Says Researchers

By Katie McCaskey on August 13, 2019 (category: open source governance)

2 minute read time

Organizations with a DevOps culture ship on high-frequency release schedules and score better on MTTU (mean time to update), to the benefit of everyone who depends on their software.

What Toyota Unlocked Decades Ago Drives Software Supply Chain Management Today

By Katie McCaskey on August 05, 2019 (category: open source governance)

3 minute read time

Toyota developed a vehicle production framework, still in use today, that shapes contemporary software supply chain management, too.

Free Software, But No Free Lunch

By Katie McCaskey on July 25, 2019 (category: security)

2 minute read time

Today's threat surface is the software itself. How can Fortune 100 companies and others protect themselves? One security practice is counterintuitive.

PyPi 'Cheese Shop' Malware Illustrates Software Supply Chain Risk Vector

By Katie McCaskey on July 22, 2019 (category: dependency injection)

3 minute read time

Malicious actors slipped malicious packages past the PyPI package repository, a classic case showing why understanding your open source dependencies is critical.

A World of Infinite Choice in Open Source Software

3 minute read time

The 2019 Software Supply Chain Report explains the development environment we're all living in and what we can learn from exemplar dev teams.

What 36,000 OSS Projects and 12,000 Commercial Dev Teams Taught Us About Secure Coding Practices

By Derek Weeks on June 25, 2019 (category: devsecops)

2 minute read time

Our 2019 State of the Software Supply Chain Report reveals best practices from 36,000 OSS development teams and 12,000 commercial software engineering teams.