Drowning in Alerts: Why Open Source SAST Tools Can Become a Trap
What is SAST?SAST stands for Static Application Security Testing — automated tools that read through source code to detect security flaws before software is run. Think of it as a spellchecker for...
Read More
Lessons from npm Incidents on Strengthening Supply Chain Security
Reflections on Open Source Security and Supply Chain ProtectionThe recent npm package-related supply chain security incidents have understandably generated significant concern across our development ...
Read More
The Nx Supply Chain Attack: When Developer Tools Become Attack Vectors
Why This Attack Matters August 2025 marked one of the most consequential supply chain compromises in recent memory. Attackers managed to weaponize Nx, a popular monorepo build system, turning a tru...
Read More
Why the Core Tenets of Secure SDLC Still Apply to AI-Driven Software
🔐 AI may be changing how we build software, but it doesn’t change what secure development requires.Artificial Intelligence is reshaping our software ecosystems — enabling faster development,...
Read More
Threat Modeling AI Driven products: What Developers Must Add to Their Toolkit
“If we don’t understand how something can break, we’ll never build it securely.”— AppSec maxim, more relevant than ever in the era of AIAs we explored in our previous post, the foundations...
Read More