AI and the software supply chain: AppSec just got way more complicated
In addition to the extensive list of components in today's software, AI relies on open-source AI models and training data. What could possibly go wrong?
Ericka Chickowski
Freelance writer. Ericka Chickowski's award-winning writing on business and technology have appeared in dozens of trade and consumer magazines, including Entrepreneur, Consumers Digest, Channel Insider, CIO Insight, Dark Reading, DevOps.com and InformationWeek. She's made it her specialty to explain in plain English how technology trends affect real people.
Posts from Ericka Chickowski
AI and the software supply chain: AppSec just got way more complicated
5 reasons why cyber attackers love software developers
Hackers are having a field day targeting developers with supply chain attacks, which open doors to other compromises. Here's why — and what to do about it.
5 AI threats keeping SOC teams up at night
Your security operations team should be planning how to stay ahead of these emerging AI risks.
7 obstacles to success with software bills of materials
The path to success for SBOMs faces many hurdles. Here are key factors that threaten your investments.
How to operationalize software bills of materials for incident response
Here's why SBOMs are essential for cybersecurity incident response — and how to put them to work.
Why 'shift left' is now a dirty term in some security circles
Here's why some security practitioners question the term — and what they think app sec teams should focus on instead.
How bulk pull requests help scale open source bug fixes
Flaws quickly spread across the supply chain. Here's how researchers at Alpha Omega and beyond are automating fixes.
App sec is addicted to vulnerability reporting: Why supply chain security requires evolution
Teams are mired in CVEs, the NVD (which is fed by CVE data), and the CVSS. Experts explain why it's time to modernize.
Less talk, more action: High hopes for CISA's new C-SCRM office
CISA's C-SCRM turns a page on a busy year for federal software supply chain security directives and guidance. Will it move the needle?