
There have been a number of attacks in the last few years on source code. In fact, I saw a new one this week for an e-commerce WordPress plugin. This time hackers got access to the distribution server for the company, Fishpig, and altered the plugins that their customers download.
A few years ago this was big news, with the SolarWinds exploit. There was also an attack on PyPy, a popular Python package that many people include in their code. There has been no shortage of problems in npm packages as well. I'm sure this has happened in other software packages, which is scary. In the days of DevOps, where we publish code from a repository, an exploit against your developers might go unnoticed. Then again, maybe not.
Read the rest of Code Supply Chain Security