Are You Still Wondering About Dependency Confusion Attacks?

By Luke Mcbride on June 03, 2021 featured

4 minute read time

Despite positive legislation and standards, open source software supply chains remain vulnerable to Dependency Confusion attacks that impersonate legitimate namespaces.

UK Government to Step Up Supply Chain Security following US Presidential Executive Order on Cybersecurity

By Ax Sharma on May 21, 2021 featured

7 minute read time

2021 is becoming the year of software supply chain security. In less than two weeks, both the US and UK governments made moves to step up their cybersecurity game.

Biden’s Cybersecurity Executive Order: Everything You Need to Know You Learned in Kindergarten

By Matt Howard on May 18, 2021 featured

4 minute read time

Biden's Cybersecurity Executive Order, set to change secure development processes in the US, is actually quite simple to understand. You just have to go back to kindergarten.

What is Dependency Confusion and Why Does it Matter in the Federal Sector?

By Jason Nalewak on May 14, 2021 government

8 minute read time

Developers in the federal space are not immune to dependency confusion attacks. Following Biden's Cybersecurity Executive Order, understanding the attack vector is even more crucial.

What You Need to Know about the Codecov Incident: A Supply Chain Attack Gone Undetected for 2 Months

By Ax Sharma on April 19, 2021 vulnerabilities

6 minute read time

A new software supply chain attack on software testing firm Codecov highlights why developers need to take an active role in protecting their systems.

Securing Software Supply Chains and Dependency Confusion — An Industry Perspective

By Derek Weeks on March 08, 2021 featured

28 minute read time

We sat down with experts from The Linux Foundation, Atlantic Council and Sonatype's own CTO to discuss recent software supply chain attacks, dependency confusion and security concerns.

The SolarWinds Software Supply Chain Attack: How Developers Can Protect Applications

By Derek Weeks on December 22, 2020 vulnerabilities

7 minute read time

The SolarWinds software supply chain attack has made it clear that open source developers need to act now and intelligently manage third party dependencies to protect their apps.

Breaching the U.S. Government through software supply chains: tracing the SolarWinds exploit upstream

By Ax Sharma on December 14, 2020 features

3 minute read time

The U.S. Government and FireEye experienced breaches due to malicious software code injected upstream in the software supply chain of their vendor, SolarWinds, from where it then flowed downstream.

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

By Ax Sharma on November 08, 2020 github

5 minute read time

Gitpaste-12, a worming botnet, is extremely versatile in its advanced capabilities as it leverages trustworthy sites like GitHub and Pastebin to host itself.