Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: North Korean APT targets developers, this Barbie is a cybercriminal
Traditional application security can't defend against today's attacks. Our report explains why — and why you need to upgrade your AppSec strategy.
Read More about Tools gap leaves you exposed to supply chain attacks
In addition to the extensive list of components in today's software, AI relies on open-source AI models and training data. What could possibly go wrong?
Read More about AI and the software supply chain: AppSec just got way more complicated
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Google Cloud Build permissions can be poisoned, WormGPT weaponizes AI
The big-fish IAMaaS cloud identity service provider opens its kimono. What can you learn from the exposure?
Read More about JumpCloud 'nation state’ phishing attack spotlights third-party risk management
CISA and NSA issued security guidance on continuous integration/continuous delivery (CI/CD) environments — but missed an opportunity to escalate the conversation.
Read More about Federal security guidance: Been there, done that
With CycloneDX 1.5, OWASP is introducing a number of new types of SBOMs. Here's a full run-down on changes — and what they mean for software transparency.
Read More about CycloneDX 1.5: The next big step for SBOMs and software transparency
The privacy of user data is one thing — but security of that data is equally important.
Read More about EU-US data transfers back in hotseat: Security of user data adds to privacy concerns
Here's what you need to know about third-party risk management — and why to prioritize comprehensive supply chain security.
Read More about Third-party risk management survey: Prioritize end-to-end software supply chain security — or fail
Hackers are having a field day targeting developers with supply chain attacks, which open doors to other compromises. Here's why — and what to do about it.
Read More about 5 reasons why cyber attackers love software developers
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)
Forward-thinking DevOps shops are doing it already. Isn’t it time your team got on board?
Read More about Passkeys standard: Time to add it to your dev plans?
Robert Martin of MITRE and Cassie Crossley of Schneider Electric discuss how MITRE’s System of Trust helps operationalize software supply chain security.
Read More about MITRE’s System of Trust: A discussion about standardizing software supply chain risk
OWASP is expanding its Top 10 series with a list of large language model vulnerabilities. Here's what AppSec teams need to know.
Read More about OWASP Top 10 for LLM Applications: Can AI risk be tamed?
CISA hosted SBOM-a-rama on Wednesday to move software bills of material — a list of ingredients for software and services — forward. Here are top takeaways and insights.
Read More about CISA SBOM-a-rama tackles challenges: 5 key takeaways