…and I am writing about code supply chain compromise again this week. PyPi.
PyPi is a well-respected repository of python code – I used it myself whilst at uni – but to try and get to grips with the influx of malicious code it has closed its doors to new accounts and code:
PyPI temporarily pauses new users, projects amid high volume of malware (bleepingcomputer.com)
PyPi. Your takeaway from this is:
If you have custom software or code on your website then you or the people responsible for your cyber security need to check the management of that code.
Not sure what that means?
Then have a look at this article:
What do you know about your website?
or this – which discusses the type of checklist you need:
Now those examples are looking at WordPress and websites, but the same process can be applied to your custom applications.
Clive Catton MSc (Cyber Security) – by-line and other articles