OWASP researcher: Supply chain attacks require going beyond vulnerabilities
Jeremy Long, who founded OWASP's Dependency Check Program, urges organizations to shift from traditional AppSec testing to tools that can remediate malicious threats.
AppSec & Supply Chain Security
OWASP researcher: Supply chain attacks require going beyond vulnerabilities
The Week in Security: Cloudflare Tunnels abuse ramps up, U.K. voter data exposed
Stealthy Connections: The Rising Threat of Cloudflare Tunnel Abuse in Cyber Attacks
Do you trust your software? Why verification matters
To manage risk, you need to trust the software you produce or consume — and that requires verification, provided by modern tools and a holistic approach.
8 Black Hat sessions you don’t want to miss
Black Hat USA is a showcase for top security experts and companies. Here's our short list of must-see sessions for 2023.
The Week in Security: Malware gives remote access to air-gapped devices, cyber attackers target Italy
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Rust progress: New threat modeling, tools bolster programming language
Here's why the Rust Foundation Security Initiative's audit and resulting new tooling matter for secure coding — and software supply chain security.
The Week in Security: North Korean APT targets developers, this Barbie is a cybercriminal
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Tools gap leaves you exposed to supply chain attacks
Traditional application security can't defend against today's attacks. Our report explains why — and why you need to upgrade your AppSec strategy.
AI and the software supply chain: AppSec just got way more complicated
In addition to the extensive list of components in today's software, AI relies on open-source AI models and training data. What could possibly go wrong?
The Week in Security: Google Cloud Build permissions can be poisoned, WormGPT weaponizes AI
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
JumpCloud 'nation state’ phishing attack spotlights third-party risk management
The big-fish IAMaaS cloud identity service provider opens its kimono. What can you learn from the exposure?
Federal security guidance: Been there, done that
CISA and NSA issued security guidance on continuous integration/continuous delivery (CI/CD) environments — but missed an opportunity to escalate the conversation.
CycloneDX 1.5: The next big step for SBOMs and software transparency
With CycloneDX 1.5, OWASP is introducing a number of new types of SBOMs. Here's a full run-down on changes — and what they mean for software transparency.
EU-US data transfers back in hotseat: Security of user data adds to privacy concerns
The privacy of user data is one thing — but security of that data is equally important.
Third-party risk management survey: Prioritize end-to-end software supply chain security — or fail
Here's what you need to know about third-party risk management — and why to prioritize comprehensive supply chain security.