Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Attacks on critical infrastructure and the software supply chain take off
Software bills of materials have become key to mitigating software threats. Here's what you need to know — and how to put them to work.
Read More about What an SBOM is — and why it matters
With software supply chain attacks ramping up, software bills of materials (SBOMs) are getting the nod from both government and industry experts as a "no brainer."
Read More about 4 takeaways from the MITRE software security panel
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of cybersecurity.
Read More about The Week in Security: Google takes next step on supply chain risk, UK issues software security guidance
A PHP repository vulnerability threatened millions of sites. Here's why you need to make an SBOM the first step in your software supply chain security journey.
Read More about Packagist PHP repo supply chain attack: 3 key takeaways
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about Week in Security: Open source tool used to steal data from defense firm
With third-party sources — and supply chain attacks surging — Gartner expects adoption of SBOMs to go from less than 5% now to 60% in 2025
Read More about Gartner: Knowing your software's ingredients is critical to managing risk
Welcome to the latest edition of The Week in Security, which brings you the most important headlines from the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Bill tasks CISA Director with responsibility for open source software security
Selling software to the government? You must now attest to conformity with NIST standards. And SBOMs, while not required, are preferred.
Read More about White House now requires software adhere to NIST standards
Here's what you need to know about the new OpenSSF npm security best practices.
Read More about OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain
New federal guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. A software bill of materials (SBOM) is central. Here are four key takeaways.
Read More about Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world
Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.
Read More about The SBOM is evolving: 4 key trends boosting software supply chain security
The National Vulnerability Database represents a minority of software supply chain threats. With attacks surging, teams must shift focus from vulnerabilities to malware.
Read More about 6 reasons AppSec teams should shift gears and go beyond legacy vulnerabilities
The National Vulnerability Database does not tell the full story of software risk. Here's why the NVD — and your AppSec approach — needs to be modernized.
Read More about NVD Analysis: Why you need to modernize your application security
There are many problems facing the cybersecurity community today, and they will only get worse before they get better. Despite this bleak view, former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs reminded the audience at Black Hat USA 2022 to place their hope in people to have a more secure future.
Read More about The state of cybersecurity: 'Things are going to get worse before they get better,' Krebs tells Black Hat 2022