The Cybersecurity and Infrastructure Security Agency held its semiannual workshop on software bills of materials recently. Here's what you need to know.
Read More about CISA SBOM-a-rama: 4 key takeaways for software security teams
SBOMs are a good start — but modern software supply chain security tooling is needed to make them effective, experts say.
Read More about Go beyond the checkbox: How software bills of materials can manage risk
Beau Woods discusses the history of the SBOM, from its humble beginnings to its use today — and efforts to modernize it. Here are key highlights from the interview.
Read More about A long history: What’s next for software bills of materials is what matters
RL’s Saša Zdjelar joined 'The Cyber Ranch Podcast' to discuss why organizations need to better scrutinize the software they use. Here are the key takeaways.
Read More about What’s in your commercial software?
RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.
Read More about Fake recruiter coding tests target devs with malicious Python packages
IT GRC Forum expert panel: Get back to basics and put your SBOMs to work for better software security. Here are key takeaways.
Read More about Supply chain risk makes software stack visibility essential
The ReversingLabs Spectra Assure SAFE Report brings readily digestible visibility to software supply chain threats and collaboration for effective risk management.
Read More about Coordinate Your Software Supply Chain Security With Shareable Spectra Assure SAFE Reports
Enterprise buyers need direct, verifiable evidence of software security. Here's why your organization needs to trust, but verify.
Read More about Secure by Demand: Going Beyond Questionnaires & Software Bills of Materials
The Exploit Prediction Scoring System performs better than CISA's KEV and CVSS scores for vulnerabilities in the wild — but combining all three works best.
Read More about EPSS and vulnerability management: New scoring system shows promise
With AI and the shift from the perimeter to the software supply chain as a primary attack vector, are certifications still relevant? Here's what top experts say.
Read More about Do cybersecurity certifications still deliver? Experts share 6 key insights
The Post Quantum Cryptography program aims to bolster key components such as public-key algorithms. Here's a full rundown.
Read More about With quantum coming, NIST readies new software supply chain protection
Here's what you need to know about why the Log4j flaw, Log4Shell, remains a threat — and how to protect your organization with a modern software security approach.
Read More about Think Log4j is a wrap? Think again.
Leaders say a cybersecurity talent shortage is a myth — instead, it's a plain old hiring and training gap. And the industry is making the problem worse.
Read More about Cybersecurity's workforce woes are a myth: 5 ways to rethink recruiting
Here are the key trends driving SecOps automation, its numerous benefits — and the main challenges organizations face when automating their SOC.
Read More about 5 SecOps automation challenges — and how to overcome them
Leaders from the private sector and government called for a rethink of outdated security tools and practices in an age of API-driven services and AI.
Read More about Hacker Summer Camp: Reboot needed to tackle software supply chain threats