Chris Inglis said the government is setting a new bar for supply chain security as the national cybersecurity focus shifts from incident response to cyber resilience.
Read More about National Cyber Director: Higher bar for software supply chain security is key to cyber resilience
After two decades of raising awareness about the big problems in application security, the Open Web Application Security Project (OWASP) stands at a crossroads.
Read More about OWASP at a crossroads: Founder Mark Curphey's call for relevance in the age of DevSecOps
Welcome to the latest edition of The Week in Security, which brings you top stories from both the world and our team, across the full stack of security: software security, cybersecurity, and beyond.
Read More about The Week in Security: Pro-China cyber operation Dragonbridge targets U.S. elections
Google is putting its weight behind a project to offer a comprehensive view of your software. Enter GUAC: Graph for Understanding Artifact Composition.
Read More about Google pairs GUAC with SLSA to take a bite out of software supply chain insecurity
Here's what you need to know about the state of CI/CD tools — and why you need to upgrade your tools and approach to deliver secure software at speed.
Read More about The state of CI/CD security: Upgrade your software supply chain tools to maintain velocity and security
Here's what to focus on for a comprehensive approach to application security across your entire software development pipeline.
Read More about SBOMs are critical to AppSec — but only the first step in your journey
The medical device sector is under pressure to improve software supply chain security, and software bills of materials (SBOMs) are front and center. ReversingLabs talks with Professor Kevin Fu of the Archimedes Center at University of Michigan about what to expect.
Read More about SBOMs are coming for medical devices. Prof. Kevin Fu explains what to expect
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Attacks on critical infrastructure and the software supply chain take off
GitHub’s Copilot ML code-completion engine is violating copyright wholesale. So say several high-profile open source advocates.
Read More about Devs: Don’t rely on GitHub Copilot — legal risk gets real
Software bills of materials have become key to mitigating software threats. Here's what you need to know — and how to put them to work.
Read More about What an SBOM is — and why it matters
With software supply chain attacks ramping up, software bills of materials (SBOMs) are getting the nod from both government and industry experts as a "no brainer."
Read More about 4 takeaways from the MITRE software security panel
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of cybersecurity.
Read More about The Week in Security: Google takes next step on supply chain risk, UK issues software security guidance
Toyota stands accused of lax DevOps standards, as the company reveals it stored prod database credentials in a public GitHub repo. That’s bad enough, but it also took five years to detect and fix.
Read More about DevOps lesson from Toyota FAIL: Crash test secrets
A PHP repository vulnerability threatened millions of sites. Here's why you need to make an SBOM the first step in your software supply chain security journey.
Read More about Packagist PHP repo supply chain attack: 3 key takeaways
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about Week in Security: Open source tool used to steal data from defense firm