5 Questions to Ask Before Adopting an Open Source Dependency
Most open source dependency decisions don’t feel like decisions at all. The package looks familiar. Someone’s used it before. It solves the problem you’re trying to fix. So you add it and move on. The problem is, those choices tend to stick around. Once a dependency is part of your software, it’s rarely as temporary […]
The Riskiest Security Decisions Happen Before You Write Code
The biggest software security risk often enters long before scanners or alerts are involved. The moment a dependency is chosen is the moment trust is assumed, and that decision shapes everything that follows.
Introducing DepsDiver: Eliminating the Security Blind Spots in Your Dependencies
Hunted Labs is introducing DepsDiver, a new class of dependency security focused on uncovering foreign influence and code repository risk early and providing package alternatives. Dependency Risk Has Changed Open source is the foundation of modern software, but dependency decisions no longer happen the way security teams assume they do. In practice, most dependencies […]
Contributor Intelligence: Why People Behind the Code Matter More Than Ever
Vulnerabilities don’t show who controls your code. Contributor intelligence exposes hidden risks in open source supply chains.
Hunted Labs’ Principles for Open Source Security
The seven principles that anchor everything we do
Popping Fast-Glob’s Hood
Solo maintainer poses supply chain risk to more than 5,000 software packages, including container images in Node.js and Department of Defense systems
Introducing Entercept™ to Expose Threats in Your Applications
Representing the next generation of cybersecurity attribution and open source contributor intelligence, the AppSec Platform makes the invisible visible.
The Russian Open Source Project That We Can’t Live Without
Hunted Labs Discovers Suspicious Origins of Ubiquitous Open Source Package
