Listen up: 10 cybersecurity podcasts you can learn from
Get up to speed on all things cybersecurity by subscribing to these knowledge-dropping podcasts. You're welcome.
Read More about Listen up: 10 cybersecurity podcasts you can learn fromListen up: 10 cybersecurity podcasts you can learn from
Python downloader highlights noise problem in open source threat detection
RL discovered what appeared to be a malicious downloader on PyPI. It turned out to be red teaming — but highlights a growing problem for threat detection.
Read More about Python downloader highlights noise problem in open source threat detection
9 best practices for leveraging threat intelligence in your security operations
Cyberthreat intelligence can bolster your SecOps with actionable info — if you choose wisely. Here's how to get started with CTI and what you need to know.
Read More about 9 best practices for leveraging threat intelligence in your security operations
NSA's zero-trust maturity for AppSec: What you need to know
The new initiative aims to help teams secure application access — and ensure continuous visibility of the workload. Experts weigh in with key insights.
Read More about NSA's zero-trust maturity for AppSec: What you need to know
Security operations by the numbers: 30 cybersecurity stats that matter
Get up to speed on the state of SecOps with key takeaways from recent research and surveys of cybersecurity practitioners and leaders.
Read More about Security operations by the numbers: 30 cybersecurity stats that matter
The state of AppSec: Are we getting ahead of attackers — or falling behind?
Is application security keeping up with modern supply chain attacks? One SME urges "glass half full"-optimism. The reality: AppSec tooling needs an upgrade.
Read More about The state of AppSec: Are we getting ahead of attackers — or falling behind?
Making SBOMs actionable: Why sharing is essential
Factors are converging to make sharing of software bills of materials a reality. Here are key concerns — and why data sharing is essential to their effectiveness.
Read More about Making SBOMs actionable: Why sharing is essential
Will CISA's Secure by Design pledge be a catalyst for better software security?
CISA has support from more than 60 companies, and it hopes more will follow. Here's what's in the pledge — and what experts say about its chances of success.
Read More about Will CISA's Secure by Design pledge be a catalyst for better software security?
When it comes to threat modeling, not all threats are created equal
With inherent threats, which are core to the system being modeled, protective measures cannot be perfect or complete. Here's how to best manage that.
Read More about When it comes to threat modeling, not all threats are created equal
CISA's 'vulnrichment' aims to fix the NVD
The new program, which follows NIST's slowdown on the National Vulnerability Database, will enrich CVEs with contextual data for better vulnerability management.
Read More about CISA's 'vulnrichment' aims to fix the NVD
What you missed at RSA Conference 2024: Key trends and takeaways
Here are the highlights that practitioners and leaders should know if they skipped last week's RSAC, the mother of all cybersecurity shows.
Read More about What you missed at RSA Conference 2024: Key trends and takeaways
NSA: Nation state actors aren't after your data — they want your OT
In his “State of the Hack” session at RSA Conference, NSA’s David Luber said attackers are thinking beyond data theft and targeting operational technology. That's why your team needs to look deeper and longer for signs of compromise.
Read More about NSA: Nation state actors aren't after your data — they want your OT
CI/CD pipelines and the cloud: Are your development secrets at risk?
Combined with cloud service providers' CLIs, continuous delivery/continuous integration can pose a threat. Here's why — and how to keep a lid on your secrets.
Read More about CI/CD pipelines and the cloud: Are your development secrets at risk?
Why GenAI fails at full SOC automation
In a new research note, Forrester analysts explain how the current limitations of AI-enabled SecOps tools keep autonomous security decision making out of reach.
Read More about Why GenAI fails at full SOC automation
Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic
The new Data Breach Investigations Report sounds the alarm over software supply chain security — and calls for higher standards for development organizations.
Read More about Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic