Securing the Ruby Software Supply Chain20220825120031

Securing the Ruby Software Supply Chain

Dana CraneLast Updated: August 25, 2022dependency confusion, ruby, ruby programming language, rubygems, secure build service, supply chain security, typosquatting
Securing your Ruby software supply chain from end to end means implementing import, build and usage controls. Learn how....
How to Manage Programming Language Upgrades and EOL20220811130311

How to Manage Programming Language Upgrades and EOL

Dana CraneLast Updated: August 11, 2022End of Life, EOL, EOL support, Open source programming languages, Programming language upgrades
Learn how to reduce the costs of upgrading open source languages, as well as best practices when a programming language becomes EOL....
GitHub Flooded with Malware20220808111356

GitHub Flooded with Malware

Dana CraneLast Updated: August 8, 2022dependency confusion, github, malware, supply chain security, typosquatting
GitHub becomes weakest link in the software supply chain. Learn what you can do about it....
How to Prevent Dependency Confusion20220721151717

How to Prevent Dependency Confusion

Dana CraneLast Updated: July 21, 2022dependency confusion, dependency vendoring, secure build service, supply chain security
Learn the simple best practices you can implement to mitigate the risk of dependency confusion supply chain attacks....
How to De-risk Unavailable Software Dependencies – Lessons Learned20220714145605

How to De-risk Unavailable Software Dependencies – Lessons Learned

Dana CraneLast Updated: July 14, 2022atomicwrites, dependency vendoring, leftpad, pypi, software dependency availability, supply chain security
Learn how to prevent broken software when an open source dependency you rely on disappears from its public repository....
How Reproducible Builds Foster Security20220707145301

How Reproducible Builds Foster Security

Dana CraneLast Updated: July 7, 2022reproducible builds, SLSA, Supply chain levels for Software Artifacts, supply chain security
Reproducible builds are key to security, but expensive to set up and maintain. Learn how to get secure reproducible builds without the costs....
How Software Bill Of Materials (SBOMs) Support Secure Development20220703134325

How Software Bill Of Materials (SBOMs) Support Secure Development

Dana CraneLast Updated: July 3, 2022License compliance, SBOM, Software bill of materials, Software Package Data Exchange, SPDX, supply chain security
Programmatic generation of SBOMs is an emerging requirement for ISVs to allow them and their customers to assess software risk....
Python 3.11 Breaks Speed Barriers20220616174844

Python 3.11 Breaks Speed Barriers

Dana CraneLast Updated: June 17, 2022python, Python 3.11, python programming
Python 3.11 offers a 25% speed boost without changing a single line of code. Learn how you Python applications can benefit....
The “low hanging fruit” approach to software supply chain security20220609123921

The “low hanging fruit” approach to software supply chain security

Dana CraneLast Updated: June 23, 2022open source security foundation, open srouce, software supply chain security, supply chain security, Supply Chain Threat Model
Learn about the Open Source Security Foundation's top recommendations toward better open source supply chain security for ISVs....
WebApp Framework Showdown: Django vs Rails20220602140540

WebApp Framework Showdown: Django vs Rails

Dana CraneLast Updated: June 2, 2022django, ruby on rails, web app development, web framework, website development
Download a precompiled Python Django and Ruby on Rails environment to learn which is better for building web apps or websites in 2022....