Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

A Non-Programmer Introduction to the Software Supply Chain (Electron)

By Luke Mcbride on October 14, 2021 Software Supply Chain
Connecting the software industry's broader use of component programs to something most people have on their machines right now: the Electron framework.

Software Supply Chains: an Introductory Guide

By Luke Mcbride on October 08, 2021 Open Source
Take a closer look at the software supply chain, including what it contains, why it’s important, and how to protect it from vulnerabilities.

This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites

By Ax Sharma on July 16, 2021 vulnerabilities
Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS, that threatened the security, integrity, and availability of the wider supply chain.

Kaseya Ransomware: a Software Supply Chain Attack or Not?

By Matt Howard on July 06, 2021 vulnerabilities
As companies scramble to address and resolve this devastating attack, we look at what makes a supply chain and what it takes to address upstream attacks.

What Does NIST’s Definition of Critical Software Mean to You?

By Matt Howard on June 28, 2021 government
NIST's definition of Critical Software in relation to the 2021 Cybersecurity Executive Order may seem broad, but its immediate implementation is limited.

How Does Securing the Software Supply Chain Fit the DoD CIO Zero Trust Architecture?

Curious how the DoD Zero Trust Architecture relates to secure development and protecting your software supply chain? We're breaking that down for you.

Are You Still Wondering About Dependency Confusion Attacks?

By Luke Mcbride on June 03, 2021 featured
Despite positive legislation and standards, open source software supply chains remain vulnerable to Dependency Confusion attacks that impersonate legitimate namespaces.

UK Government to Step Up Supply Chain Security following US Presidential Executive Order on Cybersecurity

By Ax Sharma on May 21, 2021 featured
2021 is becoming the year of software supply chain security. In less than two weeks, both the US and UK governments made moves to step up their cybersecurity game.

Biden’s Cybersecurity Executive Order: Everything You Need to Know You Learned in Kindergarten

By Matt Howard on May 18, 2021 featured
Biden's Cybersecurity Executive Order, set to change secure development processes in the US, is actually quite simple to understand. You just have to go back to kindergarten.