An analysis of over 20 supply chain security vendors, from securing source code access and CI/CD pipelines to SCA, malicious dependencies, container security, SBOMs, code provenance, and more
In this talk, Louis covers three web-cache-related attacks: cache deception, edge side includes, and cache poisoning.
The good, the bad, and the lessons learned.
Travis McPeak recommends
Why patching in the real world is hard, and what to do about it.
Stanford Internet Observatory Research Scholar [Riana Pfefferkorn](https://twitter.com/Riana_Crypto) shares her thoughts on legal implications of the Cellebrite hack.
An excellent Twitter thread by Dev Akhawe on the value of making this switch, and challenges and lessons learned along the way.
In the wake of SolarWinds, Dino Dai Zovi describes how he recommends hardening your CI environment.
Ben Thompson describes how properties of the Internet enable companies providing the best user experience to win, which leads to a virtuous but anti-competitive cycle.
This paper lays out a framework for how organizations should communicate after a security incident.