OSC&R targets software supply chain attacks
Modeled after MITRE ATT&CK, OSC&R aims to improve software supply chain security. Experts share its hits — and misses.
OSC&R targets software supply chain attacks
From the Labs: YARA Rule for Detecting Lorenz
ReversingLabs’ YARA detection rule for Lorenz can help you find this ransomware in your environment.
The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Less talk, more action: High hopes for CISA's new C-SCRM office
CISA's C-SCRM turns a page on a busy year for federal software supply chain security directives and guidance. Will it move the needle?
Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy
Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development
SCA is necessary, but AppSec must evolve to tackle software supply chain security
Software teams face growing supply chain complexity and threats. Here's why your application security team needs to go beyond open source and vulnerabilities.
.webp&w=3840&q=75)
Software composition analysis and the evolution of application security
Forrester has assessed that software composition analysis (SCA) has grown into an established market. Here are the highlights for teams tasked with software supply chain security
The SCA tools landscape and what it means to software supply chain security
The Forrester Software Composition Analysis Landscape, Q1 2023 report provides a competitive analysis of SCA tools. Here's how they deliver (and miss) on software supply chain security
Why knowing the "ground truth" is key to software security
Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.
Open-source repository malware sows Havoc
Aabquerys is a malicious npm package discovered typosquatting on a legitimate module that downloads malicious components
The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Leaky app gives researcher 'total, global control' over the Toyota supplier network
Researcher Eaton Zveare discloses massive back door in Toyota web app exploiting a JsonWebToken used for authentication
C-SCRM: We’re from the government — and we’re here to help with software supply chain security
Supply chain risk management guidance incoming, like it or not
The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Leverage third-party software validation to bolster your supply chain security
Here's how risks emerge with third-party software, and why third-party partners are best for validating software security end-to-end