Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future? Here's what you need to know.
Read More about EPSS vs. CVSS: Exploit prediction could move the needle on software risk
What if dev and app sec teams showed the same ingenuity, nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why that's essential to resilience.
Read More about The art of security chaos engineering
In this episode of ConversingLabs, recorded on the sidelines of Black Hat in Las Vegas, NetRise CEO Thomas Pace talks about supply chain threats to the Internet of Things (IoT).
Read More about IoT and the supply chain: The road to securing devices
"Shift left" is giving way to up-front software risk assessments, and companies are increasingly tapping external support for third-party compliance. Learn more from application security peers.
Read More about SANS DevSecOps report: 5 key takeaways
These leading app sec experts provide a steady flow of security knowledge to keep you up to speed.
Read More about 20 application security pros you should follow
In this ConversingLabs, Daniel Woods shares insights from his research on software warranties and discusses how shifting liability to producers could define the market.
Read More about Lemons and liability: How security warranties could tame the software market
RL threat researchers have discovered multiple malicious campaigns on open source repositories. Join the webinar to discuss key takeaways for app sec teams.
Read More about Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks
ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, as well as evidence linking the campaign to North Korea's Lazarus Group.
Read More about VMConnect supply chain attack continues, evidence points to North Korea
Knowledge sharing with cybersecurity experts doesn't have to stop after Hacker Summer Camp wraps up. Follow these top speakers throughout the year.
Read More about 10 Hacker Summer Camp speakers to follow year-round
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: WinRAR exploit targets traders, malicious npm packages go after game devs
Doing just vulnerability management and piecemeal app sec testing are equivalent to paying only the interest on mounting security technical debt. Where does your organization stand?
Read More about Supply chain security: Is technical debt weighing your team down?
ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack.
Read More about Fake Roblox packages target npm with Luna Grabber info-stealing malware
GUAC-ALYTICs will use a new algorithmic engine to model risk across open-source software supply chain interdependencies. Here's what you need to know.
Read More about Risk modeling model exposes supply chain's 'hiddenness of knowledge'
A Week of Breaches: The Intersection of Physical and Digital Security Failures
Read More about The Week in Security: Researchers hack 'unbreakable' card-shuffling hardware, Discord.io shut after breach
Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise. Experts explain what it will take.
Read More about CISA's Secure by Design: Too much, too soon?