EPSS vs. CVSS: Exploit prediction could move the needle on software risk
Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future? Here's what you need to know.
AppSec & Supply Chain Security
EPSS vs. CVSS: Exploit prediction could move the needle on software risk
The art of security chaos engineering
What if dev and app sec teams showed the same ingenuity, nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why that's essential to resilience.
IoT and the supply chain: The road to securing devices
In this episode of ConversingLabs, recorded on the sidelines of Black Hat in Las Vegas, NetRise CEO Thomas Pace talks about supply chain threats to the Internet of Things (IoT).
20 application security pros you should follow
These leading app sec experts provide a steady flow of security knowledge to keep you up to speed.
Lemons and liability: How security warranties could tame the software market
In this ConversingLabs, Daniel Woods shares insights from his research on software warranties and discusses how shifting liability to producers could define the market.
10 Hacker Summer Camp speakers to follow year-round
Knowledge sharing with cybersecurity experts doesn't have to stop after Hacker Summer Camp wraps up. Follow these top speakers throughout the year.
The Week in Security: WinRAR exploit targets traders, malicious npm packages go after game devs
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Supply chain security: Is technical debt weighing your team down?
Doing just vulnerability management and piecemeal app sec testing are equivalent to paying only the interest on mounting security technical debt. Where does your organization stand?
Risk modeling model exposes supply chain's 'hiddenness of knowledge'
GUAC-ALYTICs will use a new algorithmic engine to model risk across open-source software supply chain interdependencies. Here's what you need to know.
The Week in Security: Researchers hack 'unbreakable' card-shuffling hardware, Discord.io shut after breach
A Week of Breaches: The Intersection of Physical and Digital Security Failures
CISA's Secure by Design: Too much, too soon?
Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise. Experts explain what it will take.
6 things you may have missed at Hacker Summer Camp
The summertime trio of events in Las Vegas — Black Hat, DEF CON, and BSides — is information overload for cybersecurity leaders and practitioners. Here are the sessions that stood out.
OWASP researcher: Supply chain attacks require going beyond vulnerabilities
Jeremy Long, who founded OWASP's Dependency Check Program, urges organizations to shift from traditional AppSec testing to tools that can remediate malicious threats.
The Week in Security: Cloudflare Tunnels abuse ramps up, U.K. voter data exposed
Stealthy Connections: The Rising Threat of Cloudflare Tunnel Abuse in Cyber Attacks
Do you trust your software? Why verification matters
To manage risk, you need to trust the software you produce or consume — and that requires verification, provided by modern tools and a holistic approach.