Why software transparency is critical: Understanding supply chain security in a software-driven society
Here's an overview of our upcoming book, with highlights and key takeaways from each chapter.
Why software transparency is critical: Understanding supply chain security in a software-driven society
App sec is addicted to vulnerability reporting: Why supply chain security requires evolution
Teams are mired in CVEs, the NVD (which is fed by CVE data), and the CVSS. Experts explain why it's time to modernize.
White House cyber strategy: A love/hate story
In a first, the Biden administration will hold software developers accountable for vulnerabilities. Naturally, it’s dividing opinions
The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
LastPass revelations: BIG lessons for DevSecOps teams
Why was an engineer allowed to access critical keys from a home computer? "DevOops."
3 reasons to upgrade your AppSec testing to tackle supply chain security
Modern software development is a primary target for supply chain attacks. Here's why traditional application security testing alone is not up to the job.
SBOM Automation: The next big step in risk management
SBOM automation is no longer just a nice-to-have — it's an absolute necessity.
Lessons learned from the CircleCI secrets breach
The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned in this webinar
How C-SCRM could fill the gaps on supply chain security
The new CISA office could make a big difference — and even lead to a new discipline dedicated to software supply chain security
Why devs and repos spill secrets
The Circle CI breach and other recent hacks expose why the secrets problem is so prolific. Here's what you need to know.
The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Developers beware: Imposter HTTP libraries lurk on PyPI
ReversingLabs researchers discovered dozens of malicious packages on Python Package Index that mimic popular libraries
Core-JS: Beware hidden dependencies from indebted Russian developers
This is not a drill: Denis Pushkarev has big debts — and his code is EVERYWHERE
OSC&R targets software supply chain attacks
Modeled after MITRE ATT&CK, OSC&R aims to improve software supply chain security. Experts share its hits — and misses.
From the Labs: YARA Rule for Detecting Lorenz
ReversingLabs’ YARA detection rule for Lorenz can help you find this ransomware in your environment.