Census III study spotlights ongoing open-source software security challenges
The study, from the Linux Foundation, OpenSSF, and Harvard, highlights key open-source risk areas. Here's what you need to know.
AppSec & Supply Chain Security
Census III study spotlights ongoing open-source software security challenges
SEC cybersecurity disclosures and lessons to be learned: A timeline
Here’s what the 2024 8-K security-incident filings are all about, lessons to be learned — and the bigger picture for cybersecurity.
U.K. cybersecurity chief warns of gap between risks and defenses
The new NCSC lead warned that cybersecurity risk is 'widely underestimated.' But experts say AI could close the gap — if the industry comes together.
SEC action raises the bar on software transparency
Four firms have been fined for playing down how the SolarWinds attack impacted them. It’s part of a government push for greater supply chain transparency.
AI-based fuzzing targets open-source LLM vulnerabilities
Google researchers using OSS-Fuzz have identified 26 vulnerabilities, but experts warn that AI fuzzing is not a panacea for AI/ML security.
The state of AppSec tooling: Step up to modern software security
Organizations are struggling with outdated tools. Here's what you need to know about modernizing your AppSec tooling for today's supply chain threats.
Why shift left alone can't manage your software risk
The state of application security was on the agenda at the Elephant in AppSec Conference. One clear takeaway: Modern threats demand an all-in approach.
Software liability gets real: 5 ways to get ahead of the EU's new directive
Here's what your organization needs to know about the Product Liability Directive — and how to avoid any slip-ups.
OWASP Top 10 for LLM adds risks: Get on target to secure your AI models
OWASP has updated its Top 10 list with key risk areas, and recently added an AppSec tooling guide for AI. Here's what they cover — and what they don't.
CISA's secure software deployment push: Key takeaways for AppSec teams
To avoid the next CrowdStrike fiasco, CISA and other agencies recommend embracing safe deployment practices earlier in the SDLC. Here's what you need to know.
AppSec vs. product security: Secure by Design demands a strategy shift
Here's why and how to push your application security further into ProdSec — and what that means to achieving the goals of CISA's Secure by Design.
.webp&w=3840&q=75)
Downgrade attacks open patched systems to malware
Researcher Alon Leviev warns that the Microsoft Windows compromise posed risks that were structural — stretching well beyond the specific flaws.
Connected car security: Software complexity creates bumps in the road
Here's what you need to know about connected car security initiatives — and key lessons more broadly from software supply chain security's rough ride.
CISO Survival Guide: Commercial Software Supply Chain Risk
Operationalizing Third-Party Software Risk Management with Spectra Assure
Keep your secrets secret: 5 core tips — and a call to action on modernizing
A multilayered approach to prevent secrets exposure is good strategy — but it must include a final check on all software before it goes out the door.