Firmware attacks can pose a substantial risk to the software supply chain. Here's what your software security team can learn from the latest compromise.
Read More about The Gigabyte firmware backdoor: Lessons learned about supply chain security
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: AI hallucinations linked to software supply chain risk, CI fix deemed critical
ReversingLabs Field CISO Matt Rose explains the difference between application security hacks and software supply chain hacks.
Read More about What's the difference between app sec and supply chain security? It's all in the hack
Compiled-code behavior analysis beats old-skool app sec tools.
Read More about PyPI hackers code sneaky new tactic. Researchers caught 'em red handed
ConversingLabs caught up with Chris Romeo of Kerr Ventures at RSA Conference 2023 to talk about the state of application security. Watch (or listen) — and learn.
Read More about The state of app sec with Chris Romeo: The year of the application is near
Nvidia's tool is among the first to promise to manage the risk from generative AI. Here's what it can do — and an analysis of the scope of risk from AI.
Read More about Can AI-based software supply chain risk be tamed by NeMo Guardrails?
In a recent survey, 300 IT and software pros were asked about the state of software supply chain security. Here are takeaways from a webinar discussion.
Read More about Practitioners reveal growing concerns about software security
John Jackson and his Sakura Samurai crew took India up on an invitation to test the security of government websites and apps. Here are the lessons learned.
Read More about Red teaming a country: Lessons learned from hacking India's government
The Python repo was flooded with malicious typo-squatting packages. Weekend warriors quit defense and hit pause.
Read More about PyPI paused as automated attack overwhelms admins
The cost of attacks on software supply chains could exceed $80.6B by 2026, a 76% increase over the $45.8B expected in 2023, a market research firm finds.
Read More about Too costly to fail — and about to get costlier: Why software security matters
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Capita AWS bucket exposes benefits data, Toyota leaks customer data on 2M
Stolen keys allow bootkits to avoid Intel’s “Guard” features. And there’s no way to revoke them.
Read More about Lessons from MSI's UEFI key breach: How safe are the secrets in your software?
The path to success for SBOMs faces many hurdles. Here are key factors that threaten your investments.
Read More about 7 obstacles to success with software bills of materials
...
Read More about The Week in Security: Coalition takes down Russia's Snake espionage tool, GitHub plugs API leaks
In this ConversingLabs Cafe interview, Josh Corman, founder of I Am The Cavalry, talks about what’s behind industry skepticism around SBOMs.
Read More about Why fear rules when it comes to software bills of materials