OpenSSF's updated framework is an essential tool for dev teams, but experts say it's incomplete as a supply chain security solution
Read More about SLSA 1.0 delivers build provenance: What application security teams need to know
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Sunburst attack set off alarms for months before discovery
The Department of Justice stays on the down-low: Poster child for software supply chain security? The plot thickens...
Read More about SolarWinds hack: Did DOJ know 6 months earlier?
Here's why SBOMs are essential for cybersecurity incident response — and how to put them to work.
Read More about How to operationalize software bills of materials for incident response
The stakes were raised at RSA Conference 2023: A “hot” cyber war in Ukraine, software supply chain attacks on the rise — and let's not forget about artificial intelligence.
Read More about RSAC in review: Supply chain security, cyber war and AI
Here's what experts say about the CISA initiative's potential impact on software supply chain security — and security operations.
Read More about CISA Secure by Design: 'It's a starting point, not an endpoint'
In a ConversingLabs conversation, Charlie Jones of ReversingLabs talks about risk with supply chain attacks, and what development teams can do to spot malware lurking in signed code.
Read More about The rise of malware in the software supply chain – and what to do about it
Matt Rose presents at RSAC 2023 on the mismatch between traditional app sec tools like SCA and modern supply chain threats. Here are highlights from his talk.
Read More about What traditional app sec tools miss: The monsters in your software supply chain
The surprising story of the hack of VoIP provider 3CX got even crazier this week. Here's what you need to know.
Read More about The 3CX attack gets wilder, marks first 'cascading supply chain compromise'
In a new ReversingLabs Software Supply Chain Risk Survey, IT pros say supply chain security poses an “enterprise-wide” risk that traditional app sec tools can't address.
Read More about Companies scramble to cover software supply chain security gaps: 3 key survey takeaways
One software supply chain attack caused another, making it a first for the industry. Also: Malware spreads via apps in the Google Play Store.
Read More about The Week in Security: 3CX attack caused by earlier supply chain hack, malware in Google Play
Software supply chain security is taking center-stage at RSAC 2023. Here are the talks you don't want to miss.
Read More about What’s hot at RSA Conference 2023: 8 must-see software supply chain security talks
Secrets are increasingly exposed during software development, creating a field-day for malicious actors. Here are key takeaways from our special report series, Secrets Exposed.
Read More about Secrets security: The why, the how – and what to do about it
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design
Here's why some security practitioners question the term — and what they think app sec teams should focus on instead.
Read More about Why 'shift left' is now a dirty term in some security circles