GitHub is launching two new features that enable developers to create a private vulnerability reporting channel and provide provenance attestations for their packages.
The supply chain attack against 3CX may have been planned for more than a year, and such intrusions are the best return on investment for attackers, researchers say.
CircleCI said it is investigating a security incident and warned customers to rotate all of the secrets stored in the service.
Dan Lorenc discusses the rise of software supply chain security threats, the value of accurate asset inventory, and how companies are addressing these challenges.
Dan Lorenc, CEO and founder of Chainguard, joins Dennis Fisher to talk about supply chain security, asset inventory, Sigstore, and the challenges of helping developers write more secure code.