.webp&w=3840&q=75)
Application security practices are maturing — but it's a work in progress
While best practices adoption for AppSec is up, many supply chain security problems remain, the OpenSSF SLSA framework survey shows.
Application security practices are maturing — but it's a work in progress
The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
GitHub enforces 2FA — it’s about time (given the state of supply chain security)
GitHub just got a little safer, by finally forcing users into two-factor authentication. What took you so long, Microsoft?
Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk
ReversingLabs is giving dev and app sec teams something new: broader visibility into software supply chain risks — and data-driven prioritization to automatically suppress third-party secrets and other false positive results.
Fixing secrets leaks requires holistic software stack protection
The recent hacks at CircleCI and other organizations show that your software supply chain may be a grab bag of software secrets. Only an end-to-end security approach can solve the problem.
When it comes to financial services, mind the gaps in your AppSec testing
Why you need to upgrade to software supply chain security: Adversaries can compromise your organization without comprehensive malware identification.
PyPI repo poisoned with "Colour-Blind" RAT
Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts
The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Why software transparency is critical
Understanding supply chain security is critical in a software-driven society. Here's an overview of our upcoming book.
App sec is addicted to vulnerability reporting: Why supply chain security requires evolution
Teams are mired in CVEs, the NVD (which is fed by CVE data), and the CVSS. Experts explain why it's time to modernize.
White House cyber strategy: A love/hate story
In a first, the Biden administration will hold software developers accountable for vulnerabilities. Naturally, it’s dividing opinions
The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
LastPass revelations: BIG lessons for DevSecOps teams
Why was an engineer allowed to access critical keys from a home computer? "DevOops."
3 reasons to upgrade your AppSec testing to tackle supply chain security
Modern software development is a primary target for supply chain attacks. Here's why traditional application security testing alone is not up to the job.
SBOM Automation: The next big step in risk management
SBOM automation is no longer just a nice-to-have — it's an absolute necessity.