Alex Birsan recently published his article "Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies" [https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610] in which he explains how he used language-level package managers like npm (JavaScript), pip (Python), and gems (Ruby) to get companies to install and| Private Packagist
In this post, we define supply chain security and discuss some common challenges organizations face and best practices for ensuring supply chain security.| blog.codacy.com
Get a complete overview of different open source risks so that you can better defend against software supply chain attacks.| www.sonatype.com
Dependency confusion exploits rely on a quirk in certain package managers. See how these attacks can happen, and get guidance on preventing them.| Dependency Heaven
What do ambulances in the UK, the Norwegian government, and a major Russian bank have in common? They were all victims of successful supply chain attacks| Spectral
How to build secure crypto wallets, analysing issues found during crypto wallet security audits.| Cossack Labs
Security responsibility of cloud providers: where it ends, what are the gaps, and what steps your team should make to improve cloud security strategy.| Cossack Labs