Modernize your chaos engineering with commercial software transparency
By leveraging modern supply chain security, you can develop better chaos engineering with deeper visibility into all software. Here are key considerations.
Modernize your chaos engineering with commercial software transparency
CISA SBOM-a-rama: 4 key takeaways for software security teams
The Cybersecurity and Infrastructure Security Agency held its semiannual workshop on software bills of materials recently. Here's what you need to know.
Go beyond the checkbox: How software bills of materials can manage risk
SBOMs are a good start — but modern software supply chain security tooling is needed to make them effective, experts say.
A long history: What’s next for software bills of materials is what matters
Beau Woods discusses the history of the SBOM, from its humble beginnings to its use today — and efforts to modernize it. Here are key highlights from the interview.
What’s in your commercial software?
RL’s Saša Zdjelar joined 'The Cyber Ranch Podcast' to discuss why organizations need to better scrutinize the software they use. Here are the key takeaways.
Fake recruiter coding tests target devs with malicious Python packages
RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.
Supply chain risk makes software stack visibility essential
IT GRC Forum expert panel: Get back to basics and put your SBOMs to work for better software security. Here are key takeaways.
Coordinate Your Software Supply Chain Security With Shareable Spectra Assure SAFE Reports
The ReversingLabs Spectra Assure SAFE Report brings readily digestible visibility to software supply chain threats and collaboration for effective risk management.
Secure by Demand: Going Beyond Questionnaires & Software Bills of Materials
Enterprise buyers need direct, verifiable evidence of software security. Here's why your organization needs to trust, but verify.
EPSS and vulnerability management: New scoring system shows promise
The Exploit Prediction Scoring System performs better than CISA's KEV and CVSS scores for vulnerabilities in the wild — but combining all three works best.
Do cybersecurity certifications still deliver? Experts share 6 key insights
With AI and the shift from the perimeter to the software supply chain as a primary attack vector, are certifications still relevant? Here's what top experts say.
With quantum coming, NIST readies new software supply chain protection
The Post Quantum Cryptography program aims to bolster key components such as public-key algorithms. Here's a full rundown.
Think Log4j is a wrap? Think again.
Here's what you need to know about why the Log4j flaw, Log4Shell, remains a threat — and how to protect your organization with a modern software security approach.
Cybersecurity's workforce woes are a myth: 5 ways to rethink recruiting
Leaders say a cybersecurity talent shortage is a myth — instead, it's a plain old hiring and training gap. And the industry is making the problem worse.
5 SecOps automation challenges — and how to overcome them
Here are the key trends driving SecOps automation, its numerous benefits — and the main challenges organizations face when automating their SOC.