
How bulk pull requests help scale open source bug fixes
Flaws quickly spread across the supply chain. Here's how researchers at Alpha Omega and beyond are automating fixes.

Flaws quickly spread across the supply chain. Here's how researchers at Alpha Omega and beyond are automating fixes.

A Visual Studio Code Extensions Marketplace flaw highlights the risk potential. Here's how the VS Code IDE can proliferate to npm.

ReversingLabs YARA detection rule for NB65 can help you find this ransomware in your environment.

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

The vulnerabilities left the door open to malicious plug-in updates. Here's what you need to know.

Software secrets are in the crosshairs of malicious actors. Here are three key steps to mitigate risk — and best practices your team can take to prevent future breaches.
.webp&w=3840&q=75)
While best practices adoption for AppSec is up, many supply chain security problems remain, the OpenSSF SLSA framework survey shows.

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

GitHub just got a little safer, by finally forcing users into two-factor authentication. What took you so long, Microsoft?

ReversingLabs is giving dev and app sec teams something new: broader visibility into software supply chain risks — and data-driven prioritization to automatically suppress third-party secrets and other false positive results.

The recent hacks at CircleCI and other organizations show that your software supply chain may be a grab bag of software secrets. Only an end-to-end security approach can solve the problem.

Why you need to upgrade to software supply chain security: Adversaries can compromise your organization without comprehensive malware identification.

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Understanding supply chain security is critical in a software-driven society. Here's an overview of our upcoming book.
Get your 14-day free trial of Spectra Assure for Software Supply Chain Security
Get Free TrialMore about Spectra Assure Free Trial