Modern software development is a primary target for supply chain attacks. Here's why traditional application security testing alone is not up to the job.
Read More about 3 reasons to upgrade your AppSec testing to tackle supply chain security
The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned in this webinar
Read More about Lessons learned from the CircleCI secrets breach
The new CISA office could make a big difference — and even lead to a new discipline dedicated to software supply chain security
Read More about How C-SCRM could fill the gaps on supply chain security
The Circle CI breach and other recent hacks expose why the secrets problem is so prolific. Here's what you need to know.
Read More about Why devs and repos spill secrets
Modeled after MITRE ATT&CK, OSC&R aims to improve software supply chain security. Experts share its hits — and misses.
Read More about OSC&R targets software supply chain attacks
CISA's C-SCRM turns a page on a busy year for federal software supply chain security directives and guidance. Will it move the needle?
Read More about Less talk, more action: High hopes for CISA's new C-SCRM office
Software teams face growing supply chain complexity and threats. Here's why your application security team needs to go beyond open source and vulnerabilities.
Read More about SCA is necessary, but AppSec must evolve to tackle software supply chain security.webp&w=3840&q=75)
Forrester has assessed that software composition analysis (SCA) has grown into an established market. Here are the highlights for teams tasked with software supply chain security
Read More about Software composition analysis and the evolution of application security
The Forrester Software Composition Analysis Landscape, Q1 2023 report provides a competitive analysis of SCA tools. Here's how they deliver (and miss) on software supply chain security
Read More about The SCA tools landscape and what it means to software supply chain security
Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.
Read More about Why knowing the "ground truth" is key to software security
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce
Supply chain risk management guidance incoming, like it or not
Read More about C-SCRM: We’re from the government — and we’re here to help with software supply chain security
Here's how risks emerge with third-party software, and why third-party partners are best for validating software security end-to-end
Read More about Leverage third-party software validation to bolster your supply chain security
Firing ‘the best of the best’ does not bode well for software security. Will the last to leave please turn off the lights?
Read More about Google’s Open Source Team Layoffs A Security Risks
Software Bills of Materials could become Software Bills of Mediocrity. But not if we can agree on their real value for software supply chain security.
Read More about Go beyond Software Bills of Mediocrity