Our Blog Posts

Featured Blog

Disinformation Is An Open Source Problem

The Oxford dictionary defines disinformation as “false information which is intended to mislead.” That simple definition seems to understate the problem, given the fact that ...
All Blog Posts
SEC Cybersecurity Metrics
SEC Cybersecurity Disclosure And The Missing Metrics
SEC cybersecurity disclosures need to be based on AppSec, InfoSec and increasingly software supply chain metrics. Learn what they are.
GitHub Fork Bomb
GitHub’s Malicious Repo Explosion & How to Avoid It
GitHub malware fork bombs poison the software supply chain at the point of source code generation. Learn how to avoid becoming a victim.
Vendor Risk Management
The Problem With Vendor Risk Management For FinServ
Vendor risk management spikes when evaluating the cybersecurity practices of open source authors. Learn how you can better manage their risk.
Eliminate Malware
How to Eliminate the Threat of Malware
Eliminating malware from the software supply chain means building dependencies from source code. Learn how to do it cost effectively.
How Secure is your Python?
How Secure Should Your Python Supply Chain Be?
The security risk appetite for a project evolves over time. Learn how ActiveState's tiered approach reduces risk as requirements evolve.
Vulnerabilities by Owner
It’s Zero Day! Do You Know Where Your Vulnerabilities Are?
Ransomware attacks are increasingly being launched from malware originating in open source ecosystems. Learn what you can do about it.
Dependency Build Automation
Best Practices: Building Dependencies From Source Code Without The Pain
Building open source dependencies from source code is painful, but it's the only way to ensure security. Learn how to automate the process.
Codebase Updates
Best Practices: How To Update Your Codebase Without Breaking The Build
Most organizations never update their codebase for fear of breaking the build. Here's how to manage the risk and minimize the cost.
How to Secure Your Codebase
Best Practices: How to Secure Your Codebase
The best way to avoid remediating vulnerabilities is to start with a non-vulnerable codebase. Learn the best practices for starting secure.
Cybersecurity Resolutions for 2024
2024 New Year’s Cybersecurity Resolutions
The US government has begun prosecuting software vendors with lax cybersecurity controls. Learn how to conquer your bad security habits.
From Zero Days to Heroic Plays – 2023 a Year in Review
As we reflect on the software landscape of 2023, the overarching theme that defined the year was the growing emphasis on securing the software supply ...
2023 Software Supply Chain Security Year in Review
2023 was marked by a spike in software supply chain threats, attacks & legislation. We review some of the most significant ones.
