
SBOM Automation: The next big step in risk management
SBOM automation is no longer just a nice-to-have — it's an absolute necessity.
Lessons learned from the CircleCI secrets breach
The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned in this webinar.

How C-SCRM could fill the gaps on supply chain security
The new CISA office could make a big difference — and even lead to a new discipline dedicated to software supply chain security.

Why devs and repos spill secrets
The CircleCI breach and other recent hacks expose why the secrets problem is so prolific. Here's what you need to know.

The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Developers beware: Imposter HTTP libraries lurk on PyPI
ReversingLabs researchers discovered dozens of malicious packages on the Python Package Index that mimic popular libraries.

Core-JS: Beware hidden dependencies from indebted Russian developers
This is not a drill: Denis Pushkarev has big debts — and his code is EVERYWHERE.

OSC&R targets software supply chain attacks
Modeled after MITRE ATT&CK, OSC&R aims to improve software supply chain security. Experts share its hits — and misses.

From the Labs: YARA Rule for Detecting Lorenz
ReversingLabs' YARA detection rule for Lorenz can help you find this ransomware in your environment.

The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Less talk, more action: High hopes for CISA's new C-SCRM office
CISA's C-SCRM turns a page on a busy year for federal software supply chain security directives and guidance. Will it move the needle?

Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy
Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development.

SCA is necessary, but AppSec must evolve to tackle software supply chain security
Software teams face growing supply chain complexity and threats. Here's why your application security team needs to go beyond open source and vulnerabilities.

Software composition analysis and the evolution of application security
Forrester has assessed that software composition analysis (SCA) has grown into an established market. Here are the highlights for teams tasked with software supply chain security.

The SCA tools landscape and what it means to software supply chain security
The Forrester Software Composition Analysis Landscape, Q1 2023 report provides a competitive analysis of SCA tools. Here's how they deliver (and miss) on software supply chain security.