App sec and the supply chain: Work in tandem with engineers to achieve true software security

Application security is foundational to the software supply chain security ecosystem. But it takes a village. Derek Fisher explains in this fireside chat with Matt Rose.

If you don't love me now: JsonWebToken could break the software supply chain (again)

The JsonWebToken library has a flaw that could have lead to remote code execution (RCE).

Danger: Researchers exploit gaps in connected vehicle software supply chain

Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns.

After hack, CircleCI tells devs to update secrets now

In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.

PyTorch supply chain attack: Dependency confusion burns DevOps

A classic dependency confusion attack revealed itself last week.

10 software supply chain attacks you can learn from

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable software supply chain attacks.

The Week in Security: Okta says source code stolen. Also: SentinelSneak: PyPi moduel poses as security SDK

Welcome to the latest edition of The Week in Security, which brings you the latest headlines across the full stack of security: application security; cybersecurity; and beyond.

Expert panel: No ‘silver bullet’ for supply chain security

Experts and a top analyst discussed the state of software supply chain security in a recent Webinar. Here are key takeaways from their discussion.

The Week in Security: Software supply chain attack mines diamond industry, npm security boosted

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

New supply chain mandates: Uncle Sam wants you (to secure your software)!

Here are the key elements of Executive Order 14028, and software supply chain security guidance from the Enduring Security Framework working group.

Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security

The Week in Security: Docker Hub leaks secrets, Black Basta ransomware gangs up on retailer

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.

The Week in Security: Disguised Russian software used in U.S. Army, CDC applications

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

The Week in Security: Former Uber CSO convicted over hack cover-up, supply chain attack targets media

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.