Senior Software Engineer, responsible for integrations and author of the "phylum" Python package. Documentation and quality champion, runner, baseball and scout dad, pod-faster, and lover of outdoors.
Learn the basic techniques attackers use to build malicious packages with Trojan behavior, as seen in attacks that rely on typosquatting, starjacking, dependency confusion, and lockfile injection.
The primary vector for malicious code reaching software developer environments (local systems, CI/CD runners, production servers, etc.) is software dependencies. These are third-party code, which usually means open-source software, also known as
I love podcasts. I started listening in 2005 with an Apple iPod I got the year before. To really date me, I used a 3.5mm auxiliary-to-cassette adapter plugged into my truck's tape deck