5 reasons why cyber attackers love software developers
Hackers are having a field day targeting developers with supply chain attacks, which open doors to other compromises. Here's why — and what to do about it.
AppSec & Supply Chain Security
5 reasons why cyber attackers love software developers
The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Passkeys standard: Time to add it to your dev plans?
Forward-thinking DevOps shops are doing it already. Isn’t it time your team got on board?
MITRE’s System of Trust: A discussion about standardizing software supply chain risk
Robert Martin of MITRE and Cassie Crossley of Schneider Electric discuss how MITRE’s System of Trust helps operationalize software supply chain security.
OWASP Top 10 for LLM Applications: Can AI risk be tamed?
OWASP is expanding its Top 10 series with a list of large language model vulnerabilities. Here's what AppSec teams need to know.
CISA SBOM-a-rama tackles challenges: 5 key takeaways
CISA hosted SBOM-a-rama on Wednesday to move software bills of material — a list of ingredients for software and services — forward. Here are top takeaways and insights.
How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan
ConversingLabs caught up with Srinivasan to discuss how OpenSSF's Security Scorecard can aid developers in assessing open source software components for their projects.
How hackers access secrets
Bad actors are finding secrets across the supply chain. Here are the key attack methods — and what's needed to prevent them.
MOVEit software exploit walks before it runs
Cl0p quietly tested the flaw for two years before launching the full exploit. Lesson: Look both ways before crossing.
Self-attestation on software security: What development teams need to know
Software vendors that do business with the government must prove they are practicing basic supply chain security. Here's a rundown on the requirements.
The Gigabyte firmware backdoor: Lessons learned about supply chain security
Firmware attacks can pose a substantial risk to the software supply chain. Here's what your software security team can learn from the latest compromise.
The Week in Security: AI hallucinations linked to software supply chain risk, CI fix deemed critical
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
What's the difference between app sec and supply chain security? It's all in the hack
ReversingLabs Field CISO Matt Rose explains the difference between application security hacks and software supply chain hacks.
PyPI hackers code sneaky new tactic. Researchers caught 'em red handed
Compiled-code behavior analysis beats old-skool app sec tools.
The state of app sec with Chris Romeo: The year of the application is near
ConversingLabs caught up with Chris Romeo of Kerr Ventures at RSA Conference 2023 to talk about the state of application security. Watch (or listen) — and learn.