all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Supply chain security for Go, Part 2: Compromised dependencies

Add to bookmarks
June 23, 2023, 4 p.m. | Kimberly Samra (noreply@blogger.com)

Google Online Security Blog security.googleblog.com

Julie Qiu, Go Security & Reliability, and Roger Ng, Google Open Source Security Team

“Secure your dependencies”—it’s the new supply chain mantra. With attacks targeting software supply chains sharply rising, open source developers need to monitor and judge the risks of the projects they rely on. Our previous installment of the Supply chain security for Go series shared the ecosystem tools available to Go developers to manage their dependencies and vulnerabilities. This second installment describes the ways that Go …

amp attacks compromised dependencies developers google judge monitor open source open source security open source security team projects reliability rising risks roger security security team software software supply chains supply supply chain supply chains supply chain security targeting team

Visit resource

More from security.googleblog.com / Google Online Security Blog

Your Google Account allows you to create passkeys on your phone, computer and security keys 3 days, 2 hours ago | security.googleblog.com
account accounts apps brand +18
Detecting browser data theft using Windows Event Logs 4 days, 22 hours ago | security.googleblog.com
application attackers browser can +25
How we fought bad apps and bad actors in 2023 5 days, 22 hours ago | security.googleblog.com
android android security apps bad +18
Accelerating incident response using generative AI 1 week, 1 day ago | security.googleblog.com
automation block diana discover +21
Uncovering potential threats to your web application by leveraging security reports 1 week, 4 days ago | security.googleblog.com
api apis application browsers +15
Prevent Generative AI Data Leaks with Chrome Enterprise DLP 2 weeks, 2 days ago | security.googleblog.com
ai data businesses can chrome +23
How we built the new Find My Device network with user security and privacy in … 3 weeks, 5 days ago | security.googleblog.com
android android security crowdsourced data +13
Google Public DNS’s approach to fight against cache poisoning attacks 1 month ago | security.googleblog.com
addresses attacks cache cache poisoning +21
Address Sanitizer for Bare-metal Firmware 1 month, 1 week ago | security.googleblog.com
address android android security area +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Cryptography Software Developer

@ Intel | USA - AZ - Chandler
View on infosec-jobs.com

Lead Consultant, Geology

@ WSP | Richmond, VA, United States
View on infosec-jobs.com

BISO Cybersecurity Director

@ ABM Industries | Alpharetta, GA, United States
View on infosec-jobs.com

TTECH Analista de ciberseguridad

@ Telefónica | LIMA, PE
View on infosec-jobs.com

TRANSCOM IGC - Cloud Security Engineer

@ IT Partners, Inc | St. Louis, Missouri, United States
View on infosec-jobs.com

Sr Cyber Threat Hunt Researcher

@ Peraton | Beltsville, MD, United States
View on infosec-jobs.com
View more jobs