Pillar
Engineering-framed topics; secure-by-construction
17 articles • Page 1 of 2
In 2025 Sonatype counted 454,600 new malicious packages, and the easiest way in was phishing a trusted maintainer. Software supply chain risk is now a people problem, and the fix is verification cheap enough to actually use.
Non-compliance costs $14.82 million on average versus $5.47 million to maintain compliance, a 2.71x gap. Compliance engineering means building systems where evidence generates itself, not assembling it from memory before each audit.
Sonatype counted 1.23 million malicious packages. Your lockfile security posture determines whether those packages reach production or stop at the gate. The dependency layer is the attack surface now.
Prevention costs $5K-$15K per year. A single incident averages $254,445. The math is a 50-to-1 ratio. The psychology explains why 47% of small businesses still allocate zero.
60% of breaches involve the human element. Technology alone can't fix that. Security culture means everyone knows their role — not just the person who manages the firewall.
Cyber insurance isn't optional anymore — but most policies have exclusions that only show up after you file a claim. Here's how to have the right conversation before that happens.
Your vendor's security posture is part of your security posture. When they have access to your systems, their vulnerabilities become yours.
You don't need a CISO to have a cybersecurity policy. You need a one-page document that tells your team what's expected — and what to do when something goes wrong.
Employee training matters, but it's not a complete email security strategy. Here's what else you should have in place — and how AI has changed what 'suspicious' looks like.
