January 30, 2023
SBOMs could become Software Bills of Mediocrity. But not if we can agree on their value for software supply chain security. Chris Romeo explains.
January 26, 2023
This week: GoTo says its 2022 breach was worse than reported, also affecting LastPass. Also: A hacktivist finds FBI No Fly list on an unsecured server.
January 25, 2023
Top leaders and practitioners from eBay, Fidelity, T-Mobile and Tasktop share lessons from the Log4Shell vulnerability. Here are four key takeaways.
January 24, 2023
It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect. In this week’s Secure Software Blogwatch, we run and hide.
January 23, 2023
ChatGTP and GitHub Copilot seem like a win for developers — under pressure to release new features continuously. But the code produced by generative AI needs serious scrutiny.
January 19, 2023
This week: A new software supply chain attack has been discovered on PyPI. Also: A ransomware attack on ship management software impacts 1000 vessels.
January 18, 2023
Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!
January 18, 2023
Get out in front of software supply chain compliance requirements for a competitive advantage. Here's what your software organization needs to know.
All Blog Posts
Software Supply Chain Security
Dev & DevSecOps
Threat Research
Security Operations
Products & Technology
Events & Announcements