Tyler Reguly, Associate Director of Security R&D at Fortra, was featured in a Cybernews article examining whether it is safe to run software updates during active supply chain attacks. The article reviews recent compromises in open-source ecosystems like PyPI and npm, and explains why operating system updates are generally lower risk due to stronger review and signing processes. Tyler’s contribution focuses on developer behavior and highlights how failing to pin dependencies can expose users to malicious updates when trusted packages are compromised.
Originally published in Cybernews.
Excerpt: “Whether you use languages like Node or Python, you can define library requirement lists via things like package.json (Node) or requirements.txt (Python),” Reguly said.
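The dependency-pinning point above, as an added example that is not from the article or from Fortra: a small checker that reads a requirements.txt and a package.json and reports every direct dependency whose version is a range or wildcard rather than an exact pin. The two manifests are constructed samples; real projects should also commit a lockfile (package-lock.json, or a fully frozen requirements file with hashes), since exact pins on direct dependencies alone do not pin the transitive tree.

```python
"""Flag unpinned direct dependencies in requirements.txt and package.json."""
import json
import re

# Constructed sample manifests for illustration (not real project files).
REQUIREMENTS_TXT = """\
# comments and blank lines are ignored
requests==2.31.0
flask>=2.0
numpy
cryptography~=41.0
pyyaml==6.0.1 --hash=sha256:PLACEHOLDER
"""

PACKAGE_JSON = json.dumps({
    "name": "demo-app",
    "dependencies": {"express": "4.18.2", "lodash": "^4.17.21", "left-pad": "*"},
    "devDependencies": {"jest": "~29.7.0", "eslint": "8.57.0"},
})


def unpinned_pip(text: str) -> list[str]:
    """Return requirement names whose version is not pinned with '==' (or '===')."""
    bad = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and options such as -r / -e
            continue
        # Drop environment markers (';') and per-requirement options (' --hash=...').
        spec = line.split(";", 1)[0].split(" --", 1)[0]
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$", spec)
        if not m:
            continue
        name, version = m.group(1), m.group(2).strip()
        # Exact pin: '==' followed by a concrete version (no ranges, no '2.*' wildcards).
        if not re.fullmatch(r"===?\s*[0-9][0-9A-Za-z.!+-]*", version):
            bad.append(name)
    return bad


def unpinned_npm(text: str) -> list[str]:
    """Return 'section:name' for dependencies whose range is not an exact x.y.z version."""
    manifest = json.loads(text)
    exact = re.compile(r"[0-9]+\.[0-9]+\.[0-9]+(?:[-+][0-9A-Za-z.-]+)?")
    bad = []
    for section in ("dependencies", "devDependencies"):
        for name, rng in manifest.get(section, {}).items():
            if not exact.fullmatch(rng.strip()):  # '^', '~', '*', '>=' etc. all float
                bad.append(f"{section}:{name}")
    return bad


if __name__ == "__main__":
    print("unpinned pip:", unpinned_pip(REQUIREMENTS_TXT))
    print("unpinned npm:", unpinned_npm(PACKAGE_JSON))
```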
Cybernews: Code trust crisis: Is it safe to update your system during an active supply chain attack?
Published on April 3, 2026