Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
CISA's C-SCRM turns a page on a busy year for federal software supply chain security directives and guidance. Will it move the needle?
Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development
Software teams face growing supply chain complexity and threats. Here's why your application security team needs to go beyond open source and vulnerabilities.
.webp&w=3840&q=75)
Forrester has assessed that software composition analysis (SCA) has grown into an established market. Here are the highlights for teams tasked with software supply chain security
The Forrester Software Composition Analysis Landscape, Q1 2023 report provides a competitive analysis of SCA tools. Here's how they deliver (and miss) on software supply chain security
Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.
Aabquerys is a malicious npm package discovered typosquatting on a legitimate module that downloads malicious components
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Researcher Eaton Zveare discloses massive back door in Toyota web app exploiting a JsonWebToken used for authentication
Supply chain risk management guidance incoming, like it or not
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Here's how risks emerge with third-party software, and why third-party partners are best for validating software security end-to-end
Firing ‘the best of the best’ does not bode well for software security. Will the last to leave please turn off the lights?
Software Bills of Materials could become Software Bills of Mediocrity. But not if we can agree on their real value for software supply chain security.