Less talk, more action: High hopes for CISA's new C-SCRM office
CISA's C-SCRM turns a page on a busy year for federal software supply chain security directives and guidance. Will it move the needle?
AppSec & Supply Chain Security
Less talk, more action: High hopes for CISA's new C-SCRM office
SCA is necessary, but AppSec must evolve to tackle software supply chain security
Software teams face growing supply chain complexity and threats. Here's why your application security team needs to go beyond open source and vulnerabilities.
.webp&w=3840&q=75)
Software composition analysis and the evolution of application security
Forrester has assessed that software composition analysis (SCA) has grown into an established market. Here are the highlights for teams tasked with software supply chain security
The SCA tools landscape and what it means to software supply chain security
The Forrester Software Composition Analysis Landscape, Q1 2023 report provides a competitive analysis of SCA tools. Here's how they deliver (and miss) on software supply chain security
Why knowing the "ground truth" is key to software security
Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.
The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
C-SCRM: We’re from the government — and we’re here to help with software supply chain security
Supply chain risk management guidance incoming, like it or not
Leverage third-party software validation to bolster your supply chain security
Here's how risks emerge with third-party software, and why third-party partners are best for validating software security end-to-end
Google’s Open Source Team Layoffs A Security Risks
Firing ‘the best of the best’ does not bode well for software security. Will the last to leave please turn off the lights?
Go beyond Software Bills of Mediocrity
Software Bills of Materials could become Software Bills of Mediocrity. But not if we can agree on their real value for software supply chain security.
Move over, npm: Now VS Code extensions can’t be trusted
It’s super easy to spoof Visual Studio Code extensions. And those spoofed extensions are incredibly hard to detect.
AI unleashed: Are you repared for next-gen software supply chain attacks?
ChatGPT and Copilot are a clear and present danger to software security. Modernize your AppSec approach today
The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Why you should get out in front of software security requirements
Get out in front of new compliance requirements for a competitive advantage. Here's what your software organization needs to know.
The CircleCI secrets hack: A red flag on software supply chain risk
Security teams should consider software supply chain risk through a new lens after the latest CircleCI incident.