Are You Still Wondering About Dependency Confusion Attacks?

By Luke Mcbride on June 03, 2021 featured

4 minute read time

Despite positive legislation and standards, open source software supply chains remain vulnerable to Dependency Confusion attacks by impersonating legitimate namespace.
Read More...

Malicious Attacks On Open Source Are Going to Get Worse: Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability

2 minute read time

Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get
Read More...

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

By Brian Fox on November 27, 2018 vulnerabilities

3 minute read time

Open source software is under attack, and the malicious attack on the popular npm event-stream 3 package, is just the latest proof.
Read More...

Who Cares if Supermicro Happened. Supply Chain Attacks are Real and It’s Time to Pay Attention

3 minute read time

Technology supply chain attacks are happening in the wild, and whether or not the Supermicro story is real, it should be a wake-up call for all of us.
Read More...