GitHub enforces 2FA — it’s about time (given the state of supply chain security)
GitHub just got a little safer, by finally forcing users into two-factor authentication. What took you so long, Microsoft?
AppSec & Supply Chain Security
GitHub enforces 2FA — it’s about time (given the state of supply chain security)
Fixing secrets leaks requires holistic software stack protection
The recent hacks at CircleCI and other organizations show that your software supply chain may be a grab bag of software secrets. Only an end-to-end security approach can solve the problem.
When it comes to financial services, mind the gaps in your AppSec testing
Why you need to upgrade to software supply chain security: Adversaries can compromise your organization without comprehensive malware identification.
Why software transparency is critical: Understanding supply chain security in a software-driven society
Here's an overview of our upcoming book, with highlights and key takeaways from each chapter.
App sec is addicted to vulnerability reporting: Why supply chain security requires evolution
Teams are mired in CVEs, the NVD (which is fed by CVE data), and the CVSS. Experts explain why it's time to modernize.
White House cyber strategy: A love/hate story
In a first, the Biden administration will hold software developers accountable for vulnerabilities. Naturally, it’s dividing opinions
3 reasons to upgrade your AppSec testing to tackle supply chain security
Modern software development is a primary target for supply chain attacks. Here's why traditional application security testing alone is not up to the job.
Lessons learned from the CircleCI secrets breach
The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned in this webinar
How C-SCRM could fill the gaps on supply chain security
The new CISA office could make a big difference — and even lead to a new discipline dedicated to software supply chain security
Why devs and repos spill secrets
The Circle CI breach and other recent hacks expose why the secrets problem is so prolific. Here's what you need to know.
OSC&R targets software supply chain attacks
Modeled after MITRE ATT&CK, OSC&R aims to improve software supply chain security. Experts share its hits — and misses.
Less talk, more action: High hopes for CISA's new C-SCRM office
CISA's C-SCRM turns a page on a busy year for federal software supply chain security directives and guidance. Will it move the needle?
SCA is necessary, but AppSec must evolve to tackle software supply chain security
Software teams face growing supply chain complexity and threats. Here's why your application security team needs to go beyond open source and vulnerabilities.
.webp&w=3840&q=75)
Software composition analysis and the evolution of application security
Forrester has assessed that software composition analysis (SCA) has grown into an established market. Here are the highlights for teams tasked with software supply chain security
The SCA tools landscape and what it means to software supply chain security
The Forrester Software Composition Analysis Landscape, Q1 2023 report provides a competitive analysis of SCA tools. Here's how they deliver (and miss) on software supply chain security