Stephen Chin, VP of developer relations at JFrog, shares research on security vulnerabilities that the JFrog security team has identified and analyzed over recent months, including a malicious attack on the NuGet package repository, which threatened the software development cycle. JFrog’s recent investigations prove that no open source software repository can be considered completely trustworthy, meaning safety measures should be taken at every step of the software development lifecycle. Ultimately, developers need to exercise caution when curating open-source components for use in their builds to ensure their software supply chain remains secure.