CSOonline

Google launches dependency API and curated package repository with security metadata

This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming ...
Dark Reading

New Application Security Toolkit Uncovers Dependency Confusion Attacks

Dependency confusion is a pesky software development problem, as malicious actors employ a variety of tricks to trick developers and integrators into incorporating malicious software components into ...
Ars Technica

AI-generated code could be a disaster for the software supply chain. Here’s why.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...