// #threat-modeling

Developer Toolchains Are the New Perimeter — and the Industry Has Not Accepted It

Simultaneous CISA KEV additions for three developer toolchain compromises in one campaign makes the case explicitly: the software supply chain attack surface runs through the tools developers use, not just the code they write. The security industry is still catching up.