Secure by Design's cousin can help make software more secure out of the box by adding guardrails to development. Here's how it helps — and its limitations.
Read More about Secure by Default: Lock down your development for better AppSec
Rev up your application security and software supply chain security engines by subscribing to these six practitioner-curated Substacks.
Read More about The top AppSec Substacks to follow
Early detection of software build environment tampering is key. Here's how RL's software supply chain security platform delivers this critical pre-release check.
Read More about How RL Spectra Assure Analyzes Reproducible Builds to Find Compromises
Tool sprawl is making alert fatigue a major problem for teams responsible for application security. Here are four ways to combat it in your organization.
Read More about AppSec alert fatigue: 4 ways to reduce burnout — and boost security
Malware authors upped their game, using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code, RL researchers found.
Read More about Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs
Here's what's holding DevSecOps back — and why modernizing your application security tooling is critical in the software supply chain security era.
Read More about The state of DevSecOps: Why upgrading your AppSec tooling is essential
In a new report, Gartner® is redefining software supply chain security and calling on enterprises to make some big changes.
Read More about Three Pillars to Strengthen Software Supply Chain Security
The compromise of the widely used Polyfill.io CDN contains important lessons for organizations on trust.
Read More about The Polyfill.io vulnerability: Software supply chain attack lessons
The aim is to build a unifying framework incorporating existing SBOM data models, including CSAF, CycloneDX, OpenVEX, and SPDX. Experts weigh in with key insights.
Read More about OASIS Open's push for a software supply chain standard: All together now?
RL's Spectra Assure Community offers free comprehensive risk assessment of more than 5 million npm, PyPi, and RubyGems packages.
Read More about New Portal Helps Devs Spot Malicious Open Source Packages
The history of the package is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.
Read More about Malicious npm package targets AWS users
RL Spectra Assure’s AI-driven complex binary analysis delivers critical visibility into software binaries to flag malware and advanced software threats, closing the software supply chain security gap.
Read More about The Power of Complex Binary Analysis
Self-service portals for developers can help organizations overcome challenges to getting up and running with CISA's software security initiative.
Read More about How platform engineering helps you get a good start on Secure by Design
When engaging in M&A, acquiring firms often inherit a software stack that presents security concerns. Here’s how you can effectively manage these risks.
Read More about How to secure mergers & acquisitions from software supply chain attacks
Get up to speed on the state of security operations and related cybersecurity practices by subscribing to these 10 expert-curated Substacks.
Read More about Top cybersecurity Substacks to follow