
Packagist PHP repo supply chain attack: 3 key takeaways
A PHP repository vulnerability threatened millions of sites. Here's why you need to make an SBOM the first step in your software supply chain security journey.


Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

With third-party sources — and supply chain attacks — surging, Gartner expects adoption of SBOMs to go from less than 5% now to 60% in 2025.

Welcome to the latest edition of The Week in Security, which brings you the most important headlines from the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Selling software to the government? You must now attest to conformity with NIST standards. And SBOMs, while not required, are preferred.

Here's what you need to know about the new OpenSSF npm security best practices.

New federal guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. A software bill of materials (SBOM) is central. Here are four key takeaways.

Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.

The National Vulnerability Database represents a minority of software supply chain threats. With attacks surging, teams must shift focus from vulnerabilities to malware.

The National Vulnerability Database does not tell the full story of software risk. Here's why the NVD — and your AppSec approach — needs to be modernized.

There are many problems facing the cybersecurity community today, and they will only get worse before they get better. Despite this bleak view, former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs reminded the audience at Black Hat USA 2022 to place their hope in people to have a more secure future.

Black Hat is set to return next week with two years of pent-up cybersecurity research and discoveries. Here are the talks you don't want to miss.

Software supply chain security takes center stage at Black Hat 2022

Here is a run-down of the 10 streams from OpenSSF's Open Source Software Security Mobilization Plan.

Cozy Bear APT group is using Dropbox and Google Drive to cover up attacks, malware is spreading via Google Play Store apps, and more.