Welcome to our blog

Get the latest insights from our team & community.


  • Software Supply Chain Security

Recent NPM Malware

NPM, JavaScript’s most popular package manager, has seen a rash of malware incidents over the last year. This culminated in major community-impacting breaches in the last few weeks. Let’s dig into...

Peter Morgan, President - November 16, 2021
  • Software Supply Chain Security

SCA Is Dead

The Evolution of Open Source If you are familiar with the application security space, you might feel a bit confused. Many Software Composition Analysis (SCA) products exist, after all. With so many...

Aaron Bray, CEO - November 10, 2021
  • Software Supply Chain Security

What Happens to Author Reputation When Malicious Packages are Taken Offline?

Overview There has been an unprecedented rise in malware identified throughout the open-source ecosystem. Over the last several months alone, thousands of bad packages have been removed from package...

Aaron Bray, CEO - October 18, 2021
  • Software Supply Chain Security

A Spooky Occurrence in the Open-Source Ecosystem: Hacktoberfest 2020

One of the things that excites me about the open-source software ecosystem is entirely outside the technical components of code and computation. Instead, as someone whose PhD was focused on behavior...

Chris Tokita, Data Scientist - September 30, 2021
  • Software Supply Chain Security

Vulnerability Reporting Has Fallen Behind

There has been an explosion in new software over the past 3-10 years. The amount of new software released and the number of new software developers entering the job market has increased dramatically....

Aaron Bray, CEO - September 28, 2021
  • Software Supply Chain Security

Your Developer Workforce is Larger Than You Think

Do you trust your developers?

Aaron Bray, CEO - May 18, 2021
  • Software Supply Chain Security

Build System and Version Control Compromises - the New Normal

While SolarWinds made headlines within the last few months for the sheer scope of impact, a sharp uptick in build and version control system compromises have followed in the intervening months,...

Aaron Bray, CEO - April 25, 2021
  • Software Supply Chain Security

What the History of Software Supply Chain Attacks Says About Today’s Risk

Despite attracting major media attention in the wake of the recent SolarWinds breach, software supply chain attacks are not a new concept. In this post, we take a look at the last forty years and...

Aaron Bray, CEO - April 21, 2021
  • Software Supply Chain Security

Internally Hosted Dependencies: A Losing Battle

There are well-known issues and uncertainties that come with third-party dependencies such as stale libraries containing vulnerabilities, malicious authors, and poorly-vetted contributions. As a...

Aaron Bray, CEO - March 23, 2021
  • Software Supply Chain Security

Repo Jacking: Hidden Danger in Broken Links

When contemplating the dangers of 3rd party libraries, there are a lot of things you can't control. While issues related to direct contribution or account compromises are certainly things to look out...

Aaron Bray, CEO - March 17, 2021