News

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with ...
Attacks on open-source and commercial software will continue to rise in 2023, says a new security vendor report on the software supply chain. However, the authors of the report also believe that ...
The "Omega" side of the project turns to the long tail of software supply chain security, using automation and tooling to identify critical security vulnerabilities across a range of 10,000 widely ...
GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort to shore up supply chain security.
Software supply chain attacks are difficult to mitigate and carry a high cost. IBM’s Cost of a Data Breach Report 2023 found that the average cost of a software supply chain compromise was $4.63 ...
Software supply chain security, then, is all about verifying the authenticity and integrity of everything that goes into creating software in a way that is verifiable by consumers.
Software supply chain security is top of mind for every CISO, and this joint solution from JFrog and GitHub provides a critical, AI-infused cybersecurity control.” ...
GitHub has been focusing more on open-source security this year. At a White House summit in January, the company shared plans to up its game in the open-source software security space.
SLSA (Supply-chain Levels for Software Artifacts, pronounced “salsa”) is a prescriptive, progressive set of requirements for build system security. There are four levels that the user ...
At its core, supply chain security is about how the world builds software. To drive true impact, these efforts will need to operate in support of the developers who design, build, and maintain the ...