SCA Is Dead
SCA is dead. SCA does not provide proactive discovery and analysis....
Research | Jun 01, 2022
Hidden Dependencies Lurking in the Software Dependency Network
Part 1 in a blog series that will explore the software dependency network.
Chris Tokita, Data Scientist
What Happens to Author Reputation When Malicious Packages are Taken Offline?
What happens to an author after a malicious package is discovered and...
Aaron Bray, CEO
A Spooky Occurrence in the Open-Source Ecosystem: Hacktoberfest 2020
In this blog post, I explore a controversy that surrounds a prominent...
Chris Tokita, Data Scientist
Vulnerability Reporting Has Fallen Behind
With the explosion of new software over the past decade,...
Aaron Bray, CEO
Your Developer Workforce is Larger Than You Think
By using open source software, you expose yourself to the influence...
Aaron Bray, CEO
Build System and Version Control Compromises - the New Normal
While SolarWinds made headlines within the last few months for the...
Aaron Bray, CEO
What the History of Software Supply Chain Attacks Says About Today’s Risk
Despite attracting major media attention in the wake of the recent...
Aaron Bray, CEO
Internally Hosted Dependencies: A Losing Battle
Dependency confusion allows bad actors to emulate internal software...
Aaron Bray, CEO
Repo Jacking: Hidden Danger in Broken Links
Repo jacking is an insidious software supply chain issue. Attackers...
Aaron Bray, CEO
The State of the NPM Ecosystem
What does the upstream for major packages really look like? Over the...