February 14, 2023

Software composition analysis and the evolution of application security

Forrester has assessed that software composition analysis (SCA) has grown into an established market. Here are the highlights for teams tasked with software supply chain security

Read More about Software composition analysis and the evolution of application security

Software composition analysis and the evolution of application security

February 14, 2023

The SCA tools landscape and what it means to software supply chain security

The Forrester Software Composition Analysis Landscape, Q1 2023 report provides a competitive analysis of SCA tools. Here's how they deliver (and miss) on software supply chain security

Read More about The SCA tools landscape and what it means to software supply chain security

The SCA tools landscape and what it means to software supply chain security

February 13, 2023

Why knowing the "ground truth" is key to software security

Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.

Read More about Why knowing the "ground truth" is key to software security

Why knowing the "ground truth" is key to software security

February 9, 2023

Open-source repository malware sows Havoc

Aabquerys is a malicious npm package discovered typosquatting on a legitimate module that downloads malicious components

Read More about Open-source repository malware sows Havoc

Open-source repository malware sows Havoc

February 9, 2023

The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

February 8, 2023

Leaky app gives researcher 'total, global control' over the Toyota supplier network

Researcher Eaton Zveare discloses massive back door in Toyota web app exploiting a JsonWebToken used for authentication

Read More about Leaky app gives researcher 'total, global control' over the Toyota supplier network

Leaky app gives researcher 'total, global control' over the Toyota supplier network

February 7, 2023

C-SCRM: We’re from the government — and we’re here to help with software supply chain security

Supply chain risk management guidance incoming, like it or not

Read More about C-SCRM: We’re from the government — and we’re here to help with software supply chain security

C-SCRM: We’re from the government — and we’re here to help with software supply chain security

February 2, 2023

The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine

The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine

February 1, 2023

Leverage third-party software validation to bolster your supply chain security

Here's how risks emerge with third-party software, and why third-party partners are best for validating software security end-to-end

Read More about Leverage third-party software validation to bolster your supply chain security

Leverage third-party software validation to bolster your supply chain security

January 31, 2023

Google’s Open Source Team Layoffs A Security Risks

Firing ‘the best of the best’ does not bode well for software security. Will the last to leave please turn off the lights?

Read More about Google’s Open Source Team Layoffs A Security Risks

Google’s Open Source Team Layoffs A Security Risks

January 30, 2023

Go beyond Software Bills of Mediocrity

Software Bills of Materials could become Software Bills of Mediocrity. But not if we can agree on their real value for software supply chain security.

Read More about Go beyond Software Bills of Mediocrity

Go beyond Software Bills of Mediocrity

January 26, 2023

The Week in Security: After breach, 'unusual activity' detected in GoTo and LastPass dev environments

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: After breach, 'unusual activity' detected in GoTo and LastPass dev environments

The Week in Security: After breach, 'unusual activity' detected in GoTo and LastPass dev environments

January 25, 2023

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

The Log4Shell vulnerability is considered to be one of the most significant software bugs in recent years, because of its severity, pervasiveness and long-lasting impact on organizations.

Read More about Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

January 24, 2023

Move over, npm: Now VS Code extensions can’t be trusted

It’s super easy to spoof Visual Studio Code extensions. And those spoofed extensions are incredibly hard to detect.

Read More about Move over, npm: Now VS Code extensions can’t be trusted

Move over, npm: Now VS Code extensions can’t be trusted

January 23, 2023

AI unleashed: Are you repared for next-gen software supply chain attacks?

ChatGPT and Copilot are a clear and present danger to software security. Modernize your AppSec approach today

Read More about AI unleashed: Are you repared for next-gen software supply chain attacks?

AI unleashed: Are you repared for next-gen software supply chain attacks?