Our Blog Posts

Featured Blog

Disinformation Is An Open Source Problem

The Oxford dictionary defines disinformation as “false information which is intended to mislead.” That simple definition seems to understate the problem, given the fact that ...
All Blog Posts
Python Artifact Repositories
Learn how to enable Dev and DevOps teams with secure, easily updatable Python wheels distributed via the ActiveState Artifact Repository.
Python Packages Execute Malicious Code Automatically
Running pip install or pip download can compromise your system with malware. Learn how you can counter this software supply chain threat.
What Are Supply Chain Levels for Software Artifacts (SLSA)?
SLSA improves software supply chain security by providing a framework for sourcing and building software more securely. Learn how.
Securing the Ruby Software Supply Chain
Securing your Ruby software supply chain from end to end means implementing import, build and usage controls. Learn how.
How Neural Networks Work
Learn how to use saliency maps to understand which parts of a photo neural networks consider important when classifying images.
How to Manage Programming Language Upgrades and EOL
Learn how to reduce the costs of upgrading open source languages, as well as best practices when a programming language becomes EOL.
GitHub Flooded with Malware
GitHub has become the weakest link in the software supply chain. Learn what you can do about it.
Top 10 Malicious Package Scanners
Learn the top tools for detecting malware & typosquatting as well as countering dependency confusion in open source dependencies.
How To Detect Typosquatting With Python
Learn how to detect typosquatted packages before you import them by following along with this Python ML tutorial.
How to Prevent Dependency Confusion
Learn the simple best practices you can implement to mitigate the risk of dependency confusion supply chain attacks.
How to De-risk Unavailable Software Dependencies – Lessons Learned
Learn how to prevent broken software when an open source dependency you rely on disappears from its public repository.
How Reproducible Builds Foster Security
Reproducible builds are key to security, but expensive to set up and maintain. Learn how to get secure reproducible builds without the costs.