Software supply chain security is taking center-stage at RSAC 2023. Here are the talks you don't want to miss.
Read More about What’s hot at RSA Conference 2023: 8 must-see software supply chain security talks
Secrets are increasingly exposed during software development, creating a field-day for malicious actors. Here are key takeaways from our special report series, Secrets Exposed.
Read More about Secrets security: The why, the how – and what to do about it
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design
Here's why some security practitioners question the term — and what they think app sec teams should focus on instead.
Read More about Why 'shift left' is now a dirty term in some security circles
Experts break down the incident, and explain how app sec tools are evolving to detect and prevent such attacks.
Read More about What went wrong with the 3CX software supply chain attack — and how it could have been prevented
CPGs are now better aligned with NIST's Cybersecurity Framework (CSF), and supply chain goals have been added. MFA guidance is also new.
Read More about CISA Cybersecurity Performance Goals update: Key changes and additions
Here's what you need to know about BuildKit and its Supply Chain Levels for Software Artifacts (SLSA) provenance capabilities for SBOMs.
Read More about Docker's BuildKit adds attestation: How it works and key limitations
The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.
Read More about The 3CX breach was targeted — but the plan was broader
Flaws quickly spread across the supply chain. Here's how researchers at Alpha Omega and beyond are automating fixes.
Read More about How bulk pull requests help scale open source bug fixes
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts
The vulnerabilities left the door open to malicious plug-in updates. Here's what you need to know.
Read More about Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague
Software secrets are in the crosshairs of malicious actors. Here are three key steps to mitigate risk — and best practices your team can take to prevent future breaches.
Read More about How to mitigate secrets risk — and prevent future breaches.webp&w=3840&q=75)
While best practices adoption for AppSec is up, many supply chain security problems remain, the OpenSSF SLSA framework survey shows.
Read More about Application security practices are maturing — but it's a work in progress
GitHub just got a little safer, by finally forcing users into two-factor authentication. What took you so long, Microsoft?
Read More about GitHub enforces 2FA — it’s about time (given the state of supply chain security)
The recent hacks at CircleCI and other organizations show that your software supply chain may be a grab bag of software secrets. Only an end-to-end security approach can solve the problem.
Read More about Fixing secrets leaks requires holistic software stack protection