1
A hacker group is poisoning open source code at an unprecedented scale
黑客通过VSCode扩展投毒开源代码,GitHub遭供应链攻击,规模史无前例。
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks.
2
Show HN: A timeline of recent open source CVE intensity and volume
可视化开源CVE趋势,揭示软件供应链安全恶化现状,简洁有力
I was curious what it would look like if I plotted the intensity and volume of software supply chain CVEs over time, given what seemed like a flood of…
3
国务院令第834号已落地:软件供应链安全,企业欠缺的不是工具,是这三件事
聚焦软件供应链安全实战,从Axios投毒事件到法规要求,揭示企业最欠缺的三个关键行动,而非工具。