Tag: risk

Lately I’ve been talking a lot about the supply chain risk. You import some software, and are suddenly importing their business model and practices. Well, we’ve just had another ‘shenanigan’ unveiled. And it’s got some good drama. https://github.com/dominictarr/event-stream/issues/116 In a nutshell …

Supply chain risk: more javascript npm shenanigans, OSS governance Read More »


So most of you will have the Slovak ‘NBU’ on your RSS speed-dial, but I found I was a bit behind on my reading of it. As I was catching up, skcsirt-sa-20170909-pypi caught my eye. In a nutshell, it’s around …

Pytosquatting, Supply Chain Risk, and the Slovak National Security Bureau Read More »


It finally happened to you. A developer used ‘import A’. A pulled in B, B pulled in C, D. D pulled in E… and somewhere along that chain evil lurked. Now all your bits are belong to l33t hackerz. …

Software supply chain risk management robots Read More »
