OWASP at a crossroads: Founder Mark Curphey's call for relevance in the age of DevSecOps
After two decades of raising awareness about the big problems in application security, the Open Web Application Security Project (OWASP) stands at a crossroads.
OWASP at a crossroads: Founder Mark Curphey's call for relevance in the age of DevSecOps
The Week in Security: Pro-China cyber operation Dragonbridge targets U.S. elections
Welcome to the latest edition of The Week in Security, which brings you top stories from both the world and our team, across the full stack of security: software security, cybersecurity, and beyond.
Google pairs GUAC with SLSA to take a bite out of software supply chain insecurity
Google is putting its weight behind a project to offer a comprehensive view of your software. Enter GUAC: Graph for Understanding Artifact Composition.
The state of CI/CD security: Upgrade your software supply chain tools to maintain velocity and security
Here's what you need to know about the state of CI/CD tools — and why you need to upgrade your tools and approach to deliver secure software at speed.
SBOMs are critical to AppSec — but only the first step in your journey
Here's what to focus on for a comprehensive approach to application security across your entire software development pipeline.
SBOMs are coming for medical devices. Prof. Kevin Fu explains what to expect
The medical device sector is under pressure to improve software supply chain security, and software bills of materials (SBOMs) are front and center. ReversingLabs talks with Professor Kevin Fu of the Archimedes Center at University of Michigan about what to expect.
The Week in Security: Attacks on critical infrastructure and the software supply chain take off
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Devs: Don’t rely on GitHub Copilot — legal risk gets real
GitHub’s Copilot ML code-completion engine is violating copyright wholesale. So say several high-profile open source advocates.
What an SBOM is — and why it matters
Software bills of materials have become key to mitigating software threats. Here's what you need to know — and how to put them to work.
4 takeaways from the MITRE software security panel
With software supply chain attacks ramping up, software bills of materials (SBOMs) are getting the nod from both government and industry experts as a "no brainer."
The Week in Security: Google takes next step on supply chain risk, UK issues software security guidance
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of cybersecurity.
DevOps lesson from Toyota FAIL: Crash test secrets
Toyota stands accused of lax DevOps standards, as the company reveals it stored prod database credentials in a public GitHub repo. That’s bad enough, but it also took five years to detect and fix.
Packagist PHP repo supply chain attack: 3 key takeaways
A PHP repository vulnerability threatened millions of sites. Here's why you need to make an SBOM the first step in your software supply chain security journey.
Week in Security: Open source tool used to steal data from defense firm
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Memory-safe #RustLang shines with its day in the sun
The chatter around the Rust language is growing into a deafening roar.