What the History of Software Supply Chain Attacks Says About Today’s Risk
Despite attracting major media attention in the wake of the recent...
Research | Jun 01, 2022
Hidden Dependencies Lurking in the Software Dependency Network
Part 1 in a blog series that will explore the software dependency network.
Chris Tokita, Data Scientist
Internally Hosted Dependencies: A Losing Battle
Dependency confusion allows bad actors to emulate internal software...
Aaron Bray, CEO
Repo Jacking: Hidden Danger in Broken Links
Repo jacking is an insidious software supply chain issue. Attackers...
Aaron Bray, CEO
How to Understand and Defend Against SolarWinds-Type Attacks
In late 2020, one of the most devastating cyber attacks of the last...
Aaron Bray, CEO
The Anatomy of a Malicious Package (Part 2)
Picking up where we left off in the last article, it's time to start...
Aaron Bray, CEO
The Anatomy of a Malicious Package
What does a malicious package actually look like in practice? We'll...
Aaron Bray, CEO
The State of the NPM Ecosystem
What does the upstream for major packages really look like? Over the...
Aaron Bray, CEO
Typosquatting and Other Attacks Against Open Source Dependencies
In November of 2018, a malicious Javascript package was identified...
