Blog | ReversingLabs | Secure Software Blogwatch (3)

February 7, 2023

C-SCRM: We’re from the government — and we’re here to help with software supply chain security

A whole alphabet soup of agencies, offices and councils are springing up in D.C. and beyond. They’re trying to help us with the software supply chain security problem. It’s all about cybersecurity supply chain risk management, as the Washington wonks now insist on calling it. Beltway chatter is all C-SCRM this, guidance that and policy the other.

January 31, 2023

Google’s Open Source Team Layoffs A Security Risks

Firing ‘the best of the best’ in open source does not bode well for software security. Will the last to leave please turn off the lights?

January 24, 2023

Move over, npm: Now VS Code extensions can’t be trusted

It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect. In this week’s Secure Software Blogwatch, we run and hide.

January 18, 2023

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?

Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!

January 11, 2023

If you don't love me now: JsonWebToken could break the software supply chain (again)

The JsonWebToken library has a serious flaw, which could lead to remote code execution. While exploitability is questionable, it could be a big problem.

January 4, 2023

PyTorch supply chain attack: Dependency confusion burns DevOps

The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI. Here's the craic.

December 20, 2022

DraftKings fantasy? How YOU can prevent credential stuffing attacks

There’s been a huge uptick in credential stuffing attacks, including at DraftKings. But dev teams can easily prevent it.

December 14, 2022

Ahoy! More insecure code washes ashore with AlphaCode

Here comes AlphaCode: Another AI code-generating parlor trick spitting out vulnerabilities. Is your software security team ready for the onslaught?

December 7, 2022

ChatGPT: Parlor trick or Stack Overflow replacement?

The initial flush of enthusiasm for ChatGPT has waned. And quite a few of the bugs in the buggy code it spits out are exploitable security vulnerabilities.

November 30, 2022

Meta’s GDPR fine: Why your DevOps needs red teaming

Meta’s been fined $276 million for scraping data. What can you do to prevent this in your dev shop?

November 22, 2022

Your support must scale: Don’t be like Meta, dev teams

Your users have targets on their backs: Is your dev team tooling up for that?

November 16, 2022

Track this: Apple, Google hit with BIG privacy law claims

Google has lost a long standing privacy case. And now Apple faces a big ol’ privacy class action. In this week’s Secure Software Blogwatch, we navigate the minefield.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Secure Software Blogwatch (3)

C-SCRM: We’re from the government — and we’re here to help with software supply chain security

Google’s Open Source Team Layoffs A Security Risks

Move over, npm: Now VS Code extensions can’t be trusted

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?

If you don't love me now: JsonWebToken could break the software supply chain (again)

PyTorch supply chain attack: Dependency confusion burns DevOps

DraftKings fantasy? How YOU can prevent credential stuffing attacks

Ahoy! More insecure code washes ashore with AlphaCode

ChatGPT: Parlor trick or Stack Overflow replacement?

Meta’s GDPR fine: Why your DevOps needs red teaming

Your support must scale: Don’t be like Meta, dev teams

Track this: Apple, Google hit with BIG privacy law claims

Topics

Special Reports

The State of Software Supply Chain Security 2024

Upcoming Webinars

ConversingLabs

Secure Software Blogwatch (3)

Topics

Follow us

Subscribe

Special Reports