supply-chain – Don's Blog

Tag: supply-chain

Supply chain risk: more javascript npm shenanigans, OSS governance

Posted on 2018-11-27 by

Lately I’ve been talking a lot about the supply chain risk. You import some software, and are suddenly importing their business model and practices. Well, we’ve just had another ‘shenanigan’ unveiled. And its got some good drama. https://github.com/dominictarr/event-stream/issues/116 In a nutshell …

Supply chain risk: more javascript npm shenanigans, OSS governance Read More »

Tagged with: risk, security, supply-chain

Pytosquatting, Supply Chain Risk, and the Slovak National Security Bureau

Posted on 2018-10-25 by

db Posted in all — 2 Comments ↓

So most of you will have the Slovak ‘NBU’ on your RSS speed-dial, but I found I was a bit behind on my reading of it. As I was catching up, skcsirt-sa-20170909-pypi caught my eye. In a nutshell, its around …

Pytosquatting, Supply Chain Risk, and the Slovak National Security Bureau Read More »

Tagged with: python, risk, security, supply-chain

Software supply chain risk management robots

Posted on 2018-10-25 by

db Posted in all — No Comments ↓

It finally happened to you. A developer used ‘import A’. A pulled in B, B pulled in C, D. D pulled in E… and somewhere along that chain evil lurked. Now all your bits are belong to l33t hackerz. …

Software supply chain risk management robots Read More »

Tagged with: python, risk, security, supply-chain

Jesse on Enjoy now? Give up welfare? What choices I must make!Jurassic Park
db on Enjoy now? Give up welfare? What choices I must make!How'd they know I was on welfare!
James De Rosa on Enjoy now? Give up welfare? What choices I must make!I was expecting this post to be a psych experiment about delayed gratification. But it was much better.
db on Goodby Mr Loser? We get a new projectorits laser, ALPD https://en.wikipedia.org/wiki/Laser-powered_phosphor_display
db on The WyzeCam / Xiaomi Fangi dunno there is a datasheet?