Software Supply Chain Risk Mitigation

Increasingly, we are seeing attacks against what is now commonly referred to as the software supply chain. One of the more notable examples in the last few months was from the Node.js package management ecosystem [1]. In this case, an attacker convinced the owner of a popular but unmaintained Node package to transfer ownership to …