Your Developer Workforce is Larger Than You Think
  • Software Supply Chain Security

Do you trust your developers?

Aaron Bray, CEO - May 18, 2021

Build System and Version Control Compromises - the New Normal
  • Software Supply Chain Security

While SolarWinds made headlines within the last few months for the sheer scope of its impact, a sharp uptick in build and version control system compromises has followed in the intervening months,...

Aaron Bray, CEO - April 25, 2021

What the History of Software Supply Chain Attacks Says About Today’s Risk
  • Software Supply Chain Security

Despite attracting major media attention in the wake of the recent SolarWinds breach, software supply chain attacks are not a new concept. In this post, we take a look at the last forty years and...

Aaron Bray, CEO - April 21, 2021

Internally Hosted Dependencies: A Losing Battle
  • Software Supply Chain Security

There are well-known issues and uncertainties that come with third-party dependencies such as stale libraries containing vulnerabilities, malicious authors, and poorly-vetted contributions. As a...

Aaron Bray, CEO - March 23, 2021

Repo Jacking: Hidden Danger in Broken Links
  • Software Supply Chain Security

When contemplating the dangers of third-party libraries, there are a lot of things you can't control. While issues related to direct contribution or account compromises are certainly things to look out...

Aaron Bray, CEO - March 17, 2021

How to Understand and Defend Against SolarWinds-Type Attacks
  • Software Supply Chain Security

In late 2020, one of the most devastating cyber attacks of the last decade was discovered: the SolarWinds breach. It was a notable event for two primary reasons. First, the threat actors achieved an...

Aaron Bray, CEO - January 9, 2021

The Anatomy of a Malicious Package (Part 2)
  • Technical

Picking up where we left off in the last article, it's time to start thinking about improving our situation. To recap, we've now got initial execution on a victim system, we're able to successfully...

Aaron Bray, CEO - August 28, 2020

The Anatomy of a Malicious Package
  • Technical

What does a malicious package actually look like in practice? We'll walk through some hypothetical exercises to see how malware generally works, and what sort of functions we might expect, from...

Aaron Bray, CEO - August 21, 2020

The State of the NPM Ecosystem
  • Software Supply Chain Security

What does the upstream for major packages really look like? Over the past few years, the shape of the open source ecosystem landscape has shifted drastically, exploding both in the volume of...

Aaron Bray, CEO - August 10, 2020

Typosquatting and Other Attacks Against Open Source Dependencies
  • Software Supply Chain Security

In November of 2018, a malicious JavaScript package was identified and subsequently removed from the NPM ecosystem. A nefarious modification was introduced into this package, flatmap-stream, which was...

Louis Lang, CTO - July 27, 2020