AppSec & Supply Chain Security

April 16, 2026

Vibeware: More than bad vibes for AppSec

Threat actors are leveraging the freewheeling vibe-coding trend to deliver malicious software at scale.

Read More about Vibeware: More than bad vibes for AppSec

Vibeware: More than bad vibes for AppSec

April 15, 2026

The CRA is coming: Are you ready?

Here's how the EU's Cyber Resilience Act will reshape the software industry — and how that can accelerate advantages.

Read More about The CRA is coming: Are you ready?

The CRA is coming: Are you ready?

April 8, 2026

Claude Mythos: Get your AppSec game on

Anthropic's new AI is a 'step change' for exposing software flaws — but also ramps up exploits. Are you ready for it?

Read More about Claude Mythos: Get your AppSec game on

Claude Mythos: Get your AppSec game on

April 7, 2026

28 application security stats that matter

AI and open source are redefining the software threat landscape. Here are the key statistics you need to know.

Read More about 28 application security stats that matter

28 application security stats that matter

April 2, 2026

Axios: How AppSec teams should respond

Here's a mitigations checklist and best practices. Plus: How RL’s xBOM and Spectra Assure Community can help.

Read More about Axios: How AppSec teams should respond

Axios: How AppSec teams should respond

April 1, 2026

How JPMC tackles software ‘trust debt’

JPMorgan Chase CISO Patrick Opet discussed his letter on third-party software risk — and how that has played out.

Read More about How JPMC tackles software ‘trust debt’

How JPMC tackles software ‘trust debt’

March 31, 2026

GenAI Security Project ramps up guidance

With AI ramping up risk, OWASP stepped up its project to help AppSec teams get up to speed — and take action.

Read More about GenAI Security Project ramps up guidance

GenAI Security Project ramps up guidance

March 27, 2026

AppSec as attacker: Inside Trivy–LiteLLM

The perimeter isn't your firewall — it's your CI/CD pipeline. Here’s what to know about TeamPCP's supply chain attack.

Read More about AppSec as attacker: Inside Trivy–LiteLLM

AppSec as attacker: Inside Trivy–LiteLLM

March 26, 2026

Decouple SIEM data to reshape your AppSec

Shift to a data security pipeline platform to get software visibility that modern supply chain threats demand.

Read More about Decouple SIEM data to reshape your AppSec

Decouple SIEM data to reshape your AppSec

March 25, 2026

How AI agents can weaponize IDEs

Research shows that AI coding can tap integrated development environments to become privileged insider threats. 

Read More about How AI agents can weaponize IDEs

How AI agents can weaponize IDEs

March 18, 2026

OpenClaw lesson: AI agents are a black hole

AI agents create novel attack surfaces and control issues that require rethinking assumptions — and AppSec tooling.

Read More about OpenClaw lesson: AI agents are a black hole

OpenClaw lesson: AI agents are a black hole

March 11, 2026

OWASP adopts DockSec: Why it matters

OWASP has adopted the container security tool to slow information overload. Here’s what you need to know.

Read More about OWASP adopts DockSec: Why it matters

OWASP adopts DockSec: Why it matters

March 10, 2026

OpenClaw and AI risk: 3 AppSec lessons

The OpenClaw saga is a case study on the threat from agentic AI, showing how it increases software risk.

Read More about OpenClaw and AI risk: 3 AppSec lessons

OpenClaw and AI risk: 3 AppSec lessons

March 5, 2026

Claude Code Security: The pros and cons

The new tool is a step forward on AI coding risk — but it trips on modern threats because it looks only at source code.

Read More about Claude Code Security: The pros and cons

Claude Code Security: The pros and cons

March 4, 2026

AI-native AppSec: What it is — and why it matters

AI coding is a game-changer — and requires AI-powered application security to fight fire with fire.

Read More about AI-native AppSec: What it is — and why it matters

AI-native AppSec: What it is — and why it matters