The recent hacks at CircleCI and other organizations show that your software supply chain may be a grab bag of software secrets. Only an end-to-end security approach can solve the problem.
Why you need to upgrade to software supply chain security: Adversaries can compromise your organization without comprehensive malware identification.
Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Understanding supply chain security is critical in a software-driven society. Here's an overview of our upcoming book.
Teams are mired in CVEs, the NVD (which is fed by CVE data), and the CVSS. Experts explain why it's time to modernize.
In a first, the Biden administration will hold software developers accountable for vulnerabilities. Naturally, it’s dividing opinions
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Why was an engineer allowed to access critical keys from a home computer? "DevOops."
Modern software development is a primary target for supply chain attacks. Here's why traditional application security testing alone is not up to the job.
SBOM automation is no longer just a nice-to-have — it's an absolute necessity.
The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned in this webinar
The new CISA office could make a big difference — and even lead to a new discipline dedicated to software supply chain security
The Circle CI breach and other recent hacks expose why the secrets problem is so prolific. Here's what you need to know.
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.