
OWASP adopts DockSec: Why it matters
OWASP has adopted the container security tool to slow information overload. Here’s what you need to know.

The OpenClaw saga is a case study on the threat from agentic AI, showing how it increases software risk.

The new tool is a step forward on AI coding risk — but it trips on modern threats because it looks only at source code.

AI coding is a game-changer — and requires AI-powered application security to fight fire with fire.

AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.

Here’s what you need to know about their impact on software security — and what you can do to fight back.

Legacy strategies and tooling can’t manage today’s software threats. Here’s why binary analysis is necessary.

Here are the takeaways CISOs and other security leaders should consider for their TPCRM strategies.

A compromise of the source code editor underscores attack method diversification. It's time to go beyond trust.

ReversingLabs looked at last year’s Software Supply Chain Security Report in the rear-view mirror. Here’s what RL got right — and wrong.

Here are the guidelines, mandates, frameworks, and goals that have refined software supply chain security policy.

OSS and dev tools are targets as AI risk rises. Learn more in the Software Supply Chain Security Report 2026.

NIST has broadened the Secure Software Development Framework to include the full SDLC. Here’s why it matters.

The EU’s Cyber Resilience Act legally obliges software producers to create and maintain an SBOM. Are you prepared?

Trigger.dev's experience shows that you need modern controls to combat today's supply chain attacks.