Industry Talk
Regular Industry Development Updates, Opinions and Talking Points relating to Manufacturing, the Supply Chain and Logistics.New guidance on software supply chain attacks
The OpenSSF is a great organisation that is definitely operating under full steam — they are making some serious progress on corralling the wild west of development repositories like npm, RubyGems, and PyPI.
The trick, of course, is going to be to get developers to go along with the best security practices, like two-factor authentication for project pushes. We also need to figure out how to get CI/CD pipelines to distinguish between critical “fix this gaping security hole now” updates and malicious “install my cryptominer now” updates to squatted or hijacked packages.
That’s going to be a challenge, since we can’t load up all the responsibility for security on volunteer developers, and we also need to be able to move quickly on critical updates while simultaneously being judicious with updates to production
January 29, 2025 Change your Password and go Passwordless- June 20, 2021 Tech products study reveals panic & profiteering during the pandemic
- June 10, 2020 Edge computing for IT/OT integration
- October 28, 2024 Linnworks Partners with Loop to Streamline Post-Purchase Experience for Retailers
- September 4, 2018 Renovotec Launches ‘Rugged Black Friday’ Campaign
- April 27, 2021 Over a third of IT leaders state their remote workers have knowingly put corporate data at risk
- July 26, 2021 Magicman Takes a Shine to Paperless Working with BigChange
- April 27, 2022 Is Your Business Facing Competition? Here’s How to Handle It
- July 31, 2019 THE NX GROUP OPTIMISES HIGH-TECH DISTRIBUTION OPERATION WITH PARAGON’S ROUTING AND SCHEDULING SOFTWARE
