Tangled Up in Transitive Dependencies 2 Comments / March 1, 2023 February 22, 2023 Dear Sloan, I just started a new job, and my first priority is to reduce our project vulnerabilities. When I investigated, I found that our …
Making Progress on Dependency Management in Manila 1 Comment / February 1, 2023 January 30, 2023 Dear Sloan, I’m a newer developer, and am experiencing the dreaded “dependency hell” for the first time. My team is starting to manage …
Contributor Wannabe in Cairo 2 Comments / January 9, 2023 January 5, 2023 OSS Contributor Wannabe in Cairo Dear Sloan, I’ve recently graduated from university with a degree in Software Engineering. I have spent the better part of the last six or so …
Bothered by Brandjacking 2 Comments / December 5, 2022 November 1, 2022 Hey Sloan, You may remember when I wrote to you about typosquatting a few months ago? Your article helped me a lot, and I read up on …
Software Supply Chain Query from São Paulo 2 Comments / October 19, 2022 October 19, 2022 Hello Sloan, My peers sometimes talk about the “software supply chain” or our “supply chain management.” I’m a programmer and don’t really get …
Terrified of Typosquatting September 6, 2022 August 17, 2022 Dear Sloan, I’m a developer who works with a lot of open source software (OSS), and another developer told me to look out for typosquatting attacks. Is …
Distressed over OSS in Inverness August 9, 2022 October 6, 2022 Dear Sloan, I started a new job with a software development company at the end of last year. I work in HR but am in …
Containers Crash Course Needed in Cape Town June 10, 2022 July 5, 2022 Hello Sloan, I just started a new job and everyone at my new company loves using containers. I am familiar with the concept …
Hashes, Hashes, We all Fall Down May 20, 2022 July 5, 2022 Hi Sloan, I’ve always relied on hashes to identify threats across our network. We recently hired a new security engineer who insists relying on …
Zero-Day Doom and Gloom May 2, 2022 July 5, 2022 Hi Sloan, When recent vulnerabilities like log4j and Spring4Shell were first reported, I heard them described with the words “zero-day”. It sounds pretty dark, like the …