Verify the Whole Software Pipeline: The Friction, the Wins, and the Lessons from Adopting OWASP SPVS The OWASP Secure Pipeline Verification Standard (SPVS) reached version 1.0 in October 2025. We decided to use the standard across our organization for the reasons explained below. This post
TL;DR The open source supply chain threat landscape has fundamentally shifted. Three converging trends are redefining risk: Self-Propagating Worms Have Arrived Shai-Hulud (Sept 2025): First npm worm attack—stole credentials via postinstall hooks, then autonomously republished itself across ~700 package versions using compromised maintainer tokens. GlassWorm
Introduction Many organizations rely on ISO 27001 to build and maintain secure software development practices. Additionally, Annex A of the standard outlines specific controls designed to strengthen the Secure Development Lifecycle (SDLC). As a result, this article shows how Xygeni helps organizations apply these controls
Discover how exploitability-based security stops zero-day exploits and shields your systems from real threats
