What traditional app sec tools miss: The monsters in your software supply chain
Matt Rose presents at RSAC 2023 on the mismatch between traditional app sec tools like SCA and modern supply chain threats. Here are highlights from his talk.
AppSec & Supply Chain Security
What traditional app sec tools miss: The monsters in your software supply chain
The 3CX attack gets wilder, marks first 'cascading supply chain compromise'
The surprising story of the hack of VoIP provider 3CX got even crazier this week. Here's what you need to know.
Companies scramble to cover software supply chain security gaps: 3 key survey takeaways
In a new ReversingLabs Software Supply Chain Risk Survey, IT pros say supply chain security poses an “enterprise-wide” risk that traditional app sec tools can't address.
The Week in Security: 3CX attack caused by earlier supply chain hack, malware in Google Play
One software supply chain attack caused another, making it a first for the industry. Also: Malware spreads via apps in the Google Play Store.
Secrets security: The why, the how – and what to do about it
Secrets are increasingly exposed during software development, creating a field-day for malicious actors. Here are key takeaways from our special report series, Secrets Exposed.
The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Why 'shift left' is now a dirty term in some security circles
Here's why some security practitioners question the term — and what they think app sec teams should focus on instead.
What went wrong with the 3CX software supply chain attack — and how it could have been prevented
Experts break down the incident, and explain how app sec tools are evolving to detect and prevent such attacks.
CISA Cybersecurity Performance Goals update: Key changes and additions
CPGs are now better aligned with NIST's Cybersecurity Framework (CSF), and supply chain goals have been added. MFA guidance is also new.
Docker's BuildKit adds attestation: How it works and key limitations
Here's what you need to know about BuildKit and its Supply Chain Levels for Software Artifacts (SLSA) provenance capabilities for SBOMs.
The 3CX breach was targeted — but the plan was broader
The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.
How bulk pull requests help scale open source bug fixes
Flaws quickly spread across the supply chain. Here's how researchers at Alpha Omega and beyond are automating fixes.
The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague
The vulnerabilities left the door open to malicious plug-in updates. Here's what you need to know.
How to mitigate secrets risk — and prevent future breaches
Software secrets are in the crosshairs of malicious actors. Here are three key steps to mitigate risk — and best practices your team can take to prevent future breaches.