GitHub just got a little safer, by finally forcing users into two-factor authentication. What took you so long, Microsoft?
Read More about GitHub enforces 2FA — it’s about time (given the state of supply chain security)
ReversingLabs is giving dev and app sec teams something new: broader visibility into software supply chain risks — and data-driven prioritization to automatically suppress third-party secrets and other false positive results.
Read More about Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk
The recent hacks at CircleCI and other organizations show that your software supply chain may be a grab bag of software secrets. Only an end-to-end security approach can solve the problem.
Read More about Fixing secrets leaks requires holistic software stack protection
Why you need to upgrade to software supply chain security: Adversaries can compromise your organization without comprehensive malware identification.
Read More about When it comes to financial services, mind the gaps in your AppSec testing
Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts
Read More about PyPI repo poisoned with "Colour-Blind" RAT
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up
Here's an overview of our upcoming book, with highlights and key takeaways from each chapter.
Read More about Why software transparency is critical: Understanding supply chain security in a software-driven society
Teams are mired in CVEs, the NVD (which is fed by CVE data), and the CVSS. Experts explain why it's time to modernize.
Read More about App sec is addicted to vulnerability reporting: Why supply chain security requires evolution
In a first, the Biden administration will hold software developers accountable for vulnerabilities. Naturally, it’s dividing opinions
Read More about White House cyber strategy: A love/hate story
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability
Why was an engineer allowed to access critical keys from a home computer? "DevOops."
Read More about LastPass revelations: BIG lessons for DevSecOps teams
Modern software development is a primary target for supply chain attacks. Here's why traditional application security testing alone is not up to the job.
Read More about 3 reasons to upgrade your AppSec testing to tackle supply chain security
SBOM automation is no longer just a nice-to-have — it's an absolute necessity.
Read More about SBOM Automation: The next big step in risk management
The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned in this webinar
Read More about Lessons learned from the CircleCI secrets breach
The new CISA office could make a big difference — and even lead to a new discipline dedicated to software supply chain security
Read More about How C-SCRM could fill the gaps on supply chain security