all InfoSec news
Supply chain security for Go, Part 2: Compromised dependencies
Malware Analysis, News and Indicators - Latest topics malware.news
Julie Qiu, Go Security & Reliability, and Roger Ng, Google Open Source Security Team
“Secure your dependencies”—it’s the new supply chain mantra. With attacks targeting software supply chains sharply rising, open source developers need to monitor and judge the risks of the projects they rely on. Our previous installment of the Supply chain security for Go series shared the ecosystem tools available to Go developers to manage their dependencies and vulnerabilities. This second installment describes the ways that Go …
amp attacks compromised dependencies developers google judge monitor open source open source security open source security team projects reliability rising risks roger security security team software software supply chains supply supply chain supply chains supply chain security targeting team