Tips from a CSO: How to Secure Your Software Supply Chain
March 25, 2024 | 8 min read
March 26, 2024 | 9 min read
Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a…