Can AI-based software supply chain risk be tamed by NeMo Guardrails?
Nvidia's tool is among the first to promise to manage the risk from generative AI. Here's what it can do — and an analysis of the scope of risk from AI.
AppSec & Supply Chain Security
Can AI-based software supply chain risk be tamed by NeMo Guardrails?
Practitioners reveal growing concerns about software security
In a recent survey, 300 IT and software pros were asked about the state of software supply chain security. Here are takeaways from a webinar discussion.
Red teaming a country: Lessons learned from hacking India's government
John Jackson and his Sakura Samurai crew took India up on an invitation to test the security of government websites and apps. Here are the lessons learned.
PyPI paused as automated attack overwhelms admins
The Python repo was flooded with malicious typo-squatting packages. Weekend warriors quit defense and hit pause.
Too costly to fail — and about to get costlier: Why software security matters
The cost of attacks on software supply chains could exceed $80.6B by 2026, a 76% increase over the $45.8B expected in 2023, a market research firm finds.
The Week in Security: Capita AWS bucket exposes benefits data, Toyota leaks customer data on 2M
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Lessons from MSI's UEFI key breach: How safe are the secrets in your software?
Stolen keys allow bootkits to avoid Intel’s “Guard” features. And there’s no way to revoke them.
7 obstacles to success with software bills of materials
The path to success for SBOMs faces many hurdles. Here are key factors that threaten your investments.
The Week in Security: Coalition takes down Russia's Snake espionage tool, GitHub plugs API leaks
...
Why fear rules when it comes to software bills of materials
In this ConversingLabs Cafe interview, Josh Corman, founder of I Am The Cavalry, talks about what’s behind industry skepticism around SBOMs.
SLSA 1.0 delivers build provenance: What application security teams need to know
OpenSSF's updated framework is an essential tool for dev teams, but experts say it's incomplete as a supply chain security solution
The Week in Security: Sunburst attack set off alarms for months before discovery
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
SolarWinds hack: Did DOJ know 6 months earlier?
The Department of Justice stays on the down-low: Poster child for software supply chain security? The plot thickens...
How to operationalize software bills of materials for incident response
Here's why SBOMs are essential for cybersecurity incident response — and how to put them to work.
RSAC in review: Supply chain security, cyber war and AI
The stakes were raised at RSA Conference 2023: A “hot” cyber war in Ukraine, software supply chain attacks on the rise — and let's not forget about artificial intelligence.