Dependency mapping: A beginner’s guide

Organizations everywhere use open source to expedite development, lower costs, and improve performance. Our annual State of the Software Supply Chain reports consistently reaffirm that open source comprises up to 90% of ...
npm Manifest Confusion – What Is It and Do You Really Need to Worry About It?

Yesterday, Darcy Clarke, a software developer and a former npm CLI team Engineering Manager, steered everyone’s attention towards a gap in the npm registry website – what he calls “manifest confusion.” ...

Top 10 Open Source Software Risks of 2023

Software supply chain issues continue to be a concerning subject of late. Open source software (OSS) has many benefits, yet relying on many open source dependencies could cause security woes if it ...
Security Boulevard

Why are dependency confusion attacks not going away?

Ever since the dependency confusion (or namespace confusion) technique gained widespread attention in early 2021, we are yet to see the momentum around these attacks slow down ...

2022 Cybersecurity Predictions From RSA Conference’s Advisory Board

A neighbor, who I haven’t seen in a while, asked me this morning, “What’s new?” and I could not think of a single thing. Somehow, we find ourselves on the precipice of ...

Fake npm Packages Found in GitHub Repository

Security researchers discovered four vulnerable npm packages uploaded to GitHub that were capable of collecting the user’s IP address, geolocation and device hardware data. Not all attacks have a high-visibility profile. Some ...

Using Components with Known Vulnerabilities

When an organization has a breach, you would like to imagine that the attacker crafted a new exploit, leveraging a zero-day vulnerability that no one has any protection against. However, it is ...

PyPi ‘Cheese Shop’ Malware Illustrates Software Supply Chain Risk Vector

Recent malware installed in PyPI underscores the need for code verification at the code repository level to defend the software supply chain ...