Tag: supply-chain
All the articles with the tag "supply-chain".
-
Dependency scanning should be a default, not a discipline
Vulnerability scanning fails like ergonomics: fine when you remember, forgotten the one time it matters. I created autoscan-kit to push the scan into places that fire on their own, so skipping it is harder than running it.
-
Most people doing 'vibe-coding' inherited a developer's attack surface without realizing it
Coding agents hand non-developers a developer's full attack surface, without the years of instinct that usually come from working in the trenches of software development. The exposure is identical, but the defense is absent. The fix must live in the defaults.
-
The nx breach in swiss cheese slices: when every layer fails at once
A four-party supply-chain attack chain that ended in GitHub's internal repos was a swiss cheese event. Every layer had a hole. Where does the fix live?