Lessons learned from the CircleCI secrets breach
The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned in this webinar
Lessons learned from the CircleCI secrets breach
How C-SCRM could fill the gaps on supply chain security
The new CISA office could make a big difference — and even lead to a new discipline dedicated to software supply chain security
Why devs and repos spill secrets
The Circle CI breach and other recent hacks expose why the secrets problem is so prolific. Here's what you need to know.
The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Developers beware: Imposter HTTP libraries lurk on PyPI
ReversingLabs researchers discovered dozens of malicious packages on Python Package Index that mimic popular libraries
Core-JS: Beware hidden dependencies from indebted Russian developers
This is not a drill: Denis Pushkarev has big debts — and his code is EVERYWHERE
OSC&R targets software supply chain attacks
Modeled after MITRE ATT&CK, OSC&R aims to improve software supply chain security. Experts share its hits — and misses.
From the Labs: YARA Rule for Detecting Lorenz
ReversingLabs’ YARA detection rule for Lorenz can help you find this ransomware in your environment.
The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Less talk, more action: High hopes for CISA's new C-SCRM office
CISA's C-SCRM turns a page on a busy year for federal software supply chain security directives and guidance. Will it move the needle?
Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy
Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development
SCA is necessary, but AppSec must evolve to tackle software supply chain security
Software teams face growing supply chain complexity and threats. Here's why your application security team needs to go beyond open source and vulnerabilities.
.webp&w=3840&q=75)
Software composition analysis and the evolution of application security
Forrester has assessed that software composition analysis (SCA) has grown into an established market. Here are the highlights for teams tasked with software supply chain security
The SCA tools landscape and what it means to software supply chain security
The Forrester Software Composition Analysis Landscape, Q1 2023 report provides a competitive analysis of SCA tools. Here's how they deliver (and miss) on software supply chain security
Why knowing the "ground truth" is key to software security
Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.