Lately I’ve been talking a lot about the supply chain risk. You import some software, and are suddenly importing their business model and practices. Well, we’ve just had another ‘shenanigan’ unveiled. And its got some good drama. https://github.com/dominictarr/event-stream/issues/116 In a nutshell…
Don's Blog Technology run (almost) amuck
Tag: supply-chain
Pytosquatting, Supply Chain Risk, and the Slovak National Security Bureau
So most of you will have the Slovak ‘NBU’ on your RSS speed-dial, but I found I was a bit behind on my reading of it. As I was catching up, skcsirt-sa-20170909-pypi caught my eye. In a nutshell, its around…
Software supply chain risk management robots
It finally happened to you. A developer used ‘import A’. A pulled in B, B pulled in C, D. D pulled in E… and somewhere along that chain evil lurked. Now all your bits are belong to l33t hackerz.…
login | 
(RSS)|Create Account|Update email pref
In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
(RSS)|Create Account|Update email pref In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
db on Never SSLunencrypted fake news? but what if they one day make the ssl leap? Think of the captive portals!
Jesse on Never SSLI'm more of a cnn.com kind of guy myself.
Dan BYRON on Robot vacuums: maps, securityThe cat would love to figure out how he could control Dusty before jumping on for a ride. Dusty is
Naseem on Increasing the usefulness of your Kubernetes Ingress loggingGreat post, thank you. Hopefully this becomes an out-of-the-box parser since fluent-bit and nginx-ingress are often both used in k8s
Top