Blogs

A Curated Collection of Writings, Research, and Solutions

Application Security

CodeQL Compromised: How Public Secret Exposure Led to an Attack

In March 2025, a significant supply chain attack compromised tj-actions/changed-files, a popular third-party GitHub Action. Tracked as CVE-2025-30066, the incident put the CI/CD secrets of up to 23,000 repositories that used the action at risk: the attacker retargeted existing version tags to a malicious commit that dumped runner memory and printed secrets into build logs.
April 2, 2025
5 Minutes
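A check a practitioner would run after reading about the tj-actions/changed-files incident is whether their own workflows still pull third-party actions by mutable tag. The script below is an added example, not code from the linked post or from the tj-actions project: it lists every `uses:` reference in a workflow file that is not pinned to a full 40-character commit SHA. The sample workflow and its SHA are constructed placeholders, not a real project's file.

```shell
#!/usr/bin/env sh
# Added example (not code from the linked post or from tj-actions): list the
# third-party GitHub Actions a workflow pulls in by mutable tag or branch.
# In the tj-actions/changed-files compromise the attacker moved existing
# version tags to a malicious commit, so "uses: tj-actions/changed-files@v45"
# silently resolved to attacker code. A reference pinned to a full 40-hex
# commit SHA cannot be retargeted that way.

# Print every `uses:` reference in $1 that is NOT pinned to a full commit SHA.
# Local actions (./path) and docker:// images are skipped.
# Returns 0 when everything is pinned, 1 when at least one reference is not.
find_unpinned_actions() {
  workflow="$1"
  unpinned=$(
    grep -E '^[[:space:]-]*uses:' "$workflow" \
      | sed -E -e 's/^[[:space:]-]*uses:[[:space:]]*//' \
               -e 's/[[:space:]]*#.*$//' \
               -e "s/^[\"']//" -e "s/[\"']\$//" \
      | grep -Ev '^(\./|docker://)' \
      | grep -Ev '@[0-9a-f]{40}$' || true
  )
  if [ -n "$unpinned" ]; then
    printf '%s\n' "$unpinned"
    return 1
  fi
  return 0
}

# Constructed sample workflow (hypothetical, not any real project's file).
# The SHA below is a placeholder, not a real actions/checkout commit.
write_sample_workflow() {
  cat > "$1" <<'EOF'
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: tj-actions/changed-files@v45
      - uses: "some-org/some-action@main"
      - uses: ./.github/actions/local-step
      - name: Build
        run: make
EOF
}

# Usage: sh check_pins.sh .github/workflows/ci.yml
# With no argument, the constructed sample above is scanned instead.
if [ "$#" -gt 0 ]; then
  target="$1"
else
  target=$(mktemp)
  write_sample_workflow "$target"
fi
if find_unpinned_actions "$target"; then
  echo "all third-party actions are pinned to a commit SHA"
else
  echo "the references above are not SHA-pinned; pin each to a full commit SHA" >&2
fi
```

Run against the sample, the script reports `tj-actions/changed-files@v45` and `some-org/some-action@main` and exits non-zero, which makes it usable as a CI gate. Pinning by SHA only helps if the SHA is reviewed when it is updated; tools such as Dependabot can propose the bump while keeping the SHA form.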
Data Protection

Addressing RBI's Guidelines for Digital Payment Applications with CleanStart

The Reserve Bank of India (RBI) has issued Master Directions on cyber resilience and digital payment system controls that call for a "Secure by Design" approach to application security in digital payment systems. The directive reflects the growing importance of robust controls in India's fast-growing digital payments landscape and marks a shift toward integrating security at every stage of the software development lifecycle (SDLC), as an operational necessity rather than a compliance checkbox. This blog explores the technical complexities of implementing the framework, the key challenges involved, and how CleanStart addresses them.
March 4, 2025
6 Minutes
Cyber Security

The Evolution of CISOs: From Network Guardians to Product Security Leaders

After engaging with hundreds of CISOs worldwide, it has become evident that the role of the CISO is undergoing a significant transformation. As organizations increasingly evolve into technology-centric entities, the traditional network-focused security approach is no longer adequate.
March 1, 2025
5 Minutes
Application Security

Critical NVIDIA Container Toolkit Vulnerability: CVE-2025-23359

CVE-2025-23359 is a time-of-check/time-of-use (TOCTOU) container-escape vulnerability in the NVIDIA Container Toolkit that bypasses the original patch for CVE-2024-0132: a crafted container image can gain access to the host file system. The vulnerability was discovered by Wiz Research.
February 20, 2025
4 Minutes
Application Security

Supply Chain Attack on lottie-player: A Wake-up Call for JavaScript Security

In late October 2024, the JavaScript community faced another significant supply chain security incident when the popular @lottiefiles/lottie-player npm package was compromised and malicious versions (2.0.5 through 2.0.7) were published to the registry. The attack is a stark reminder of the weaknesses in the modern software supply chain and of the importance of robust security practices. Let's look at what happened, its implications, and how developers and organizations can protect themselves against similar threats.
December 18, 2024
7 Minutes
Application Security

Hidden Dangers: Why Vulnerable Container Images Cost More Than You Think

In today's cloud-native world, containers have become the building blocks of modern applications. Yet, beneath the surface of this technological revolution lurks a critical security challenge that many enterprises overlook – the security of their base container images.
December 5, 2024
5 Minutes
Cyber Security

The Evolution of Open-Source Software: Past, Present, and Future

Open-source software (OSS) has become a cornerstone of modern technology, driving innovation and collaboration across industries. From its humble beginnings to its current widespread adoption, OSS has transformed the tech landscape. This blog explores the journey of open-source software, its current state, and what the future holds.
November 27, 2024
6 Minutes
Data Protection

Container Image Signing: Enhancing Security in the Software Supply Chain

In today's rapidly evolving landscape of containerized applications, ensuring the integrity and authenticity of container images has become paramount. Container image signing is a crucial security practice that addresses these concerns, providing a robust mechanism to verify the origin and integrity of container images throughout the software supply chain.
November 12, 2024
4 Minutes
Cyber Security

Busting Myths About Open Source and Containers

In the world of software development, open source and container technologies have transformed the way applications are built, deployed, and managed. Despite their widespread adoption, several myths about their security and usage persist. This article debunks these common misconceptions and provides a clearer understanding of the realities.
November 5, 2024
5 Minutes
Network Security

Strengthening Software Supply Chain Security with SLSA

In today’s digital landscape, securing the software supply chain has become a critical priority. With the increasing complexity of software development and deployment, ensuring the integrity and security of software artifacts is paramount. This is where SLSA (Supply Chain Levels for Software Artifacts) comes into play.
October 17, 2024
5 Minutes
Data Protection

The recent discovery of a critical vulnerability in NVIDIA

The recent discovery of a critical vulnerability in NVIDIA’s Container Toolkit (CVE-2024-0132) has sent shockwaves through the AI and DevOps communities. This vulnerability serves as a stark reminder of the hidden dangers lurking within our AI infrastructure. Here, we delve into the key lessons learned and the steps that AI practitioners and DevOps teams must take to safeguard their systems.
October 7, 2024
5 Minutes