Home › author archive ›

Dana Crane

Python Packages Execute Malicious Code Automatically

Pip install and pip download can compromise your system with malware. Learn how you can counter this software supply chain threat.

Securing your Ruby software supply chain from end to end means implementing import, build and usage controls. Learn how.

Learn how to reduce the costs of upgrading open source languages, as well as best practices when a programming language becomes EOL.

GitHub becomes weakest link in the software supply chain. Learn what you can do about it.

Learn the simple best practices you can implement to mitigate the risk of dependency confusion supply chain attacks.

Learn how to prevent broken software when an open source dependency you rely on disappears from its public repository.

Reproducible builds are key to security, but expensive to set up and maintain. Learn how to get secure reproducible builds without the costs.

Programmatic generation of SBOMs is an emerging requirement for ISVs to allow them and their customers to assess software risk.

Python 3.11 offers a 25% speed boost without changing a single line of code. Learn how you Python applications can benefit.

Learn about the Open Source Security Foundation’s top recommendations toward better open source supply chain security for ISVs.

Download a precompiled Python Django and Ruby on Rails environment to learn which is better for building web apps or websites in 2022.

To avoid the Great Resignation, organizations must adopt both cultural change and automation tools, beginning with dependency automation.