#software-supply-chain-security

from Techzine Global
4 days ago

The rise (and fall?) of shadow AI

As software application development teams embrace an increasing number of automation tools to provide AI-driven (or at least AI-assisted) coding functions in their codebases, a Newtonian equal and opposite reaction is surfacing in the shape of governance controls and guardrails to keep AI injections in check as these technologies surface in the software supply chain.
Information security
from WIRED
1 month ago

'Happy Gilmore' Producer Buys Spyware Maker NSO Group

North Korean operatives are posing as architecture professionals using fake profiles, résumés, and Social Security numbers to infiltrate US companies.
Software development
from InfoQ
1 month ago

The Hidden Vulnerability of The Open Source Software Supply Chain: The Underlying Infrastructure

Brian Fox, Sonatype CTO and open source leader, guided Maven governance, OpenSSF/FINOS efforts, and advised governments on cyber resiliency including the EU Cyber Resilience Act.
Python
from The Hacker News
6 months ago

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

A malicious PyPI package named discordpydebug disguises itself as a Discord utility while incorporating a remote access trojan.