CISO Survival Guide: Commercial Software Supply Chain Risk
Operationalizing Third-Party Software Risk Management with Spectra Assure
Read More about CISO Survival Guide: Commercial Software Supply Chain RiskAppSec & Supply Chain Security
CISO Survival Guide: Commercial Software Supply Chain Risk
Keep your secrets secret: 5 core tips — and a call to action on modernizing
A multilayered approach to prevent secrets exposure is good strategy — but it must include a final check on all software before it goes out the door.
Read More about Keep your secrets secret: 5 core tips — and a call to action on modernizing
OWASP's Dependency-Track tool update: Key changes — and limitations
Here's what you need to know about the version 4.12.0 update — and about managing risk from your software, whether it's open source or not.
Read More about OWASP's Dependency-Track tool update: Key changes — and limitations
Threat modeling and binary analysis: Supercharge your risk strategy
Chris Romeo shares five key ways to merge modeling with modern software supply chain security — and improve your software risk management in the process.
Read More about Threat modeling and binary analysis: Supercharge your risk strategy
Threat modeling and binary analysis: Supercharge your risk strategy
Chris Romeo shares five key ways to merge modeling with modern software supply chain security — and improve your software risk management in the process.
Read More about Threat modeling and binary analysis: Supercharge your risk strategy
5 commercial software attacks — and what you can learn from them
Don't just roll the dice with commercial software risk. Here are key lessons from recent attacks for your security team.
Read More about 5 commercial software attacks — and what you can learn from them
The best cybersecurity certifications to level up your skills
With the threat landscape shifting, boosting your market value requires choosing the right certs. Here's what you need to know.
Read More about The best cybersecurity certifications to level up your skills
‘Good, fast, cheap... Pick two’: Software quality dilemma forces risky decisions
When developing software there are three options: good, fast, and cheap. But you can only pick two. Here's what that reality means for commercial software risk.
Read More about ‘Good, fast, cheap... Pick two’: Software quality dilemma forces risky decisions
Modernize your chaos engineering with commercial software transparency
By leveraging modern supply chain security, you can develop better chaos engineering with deeper visibility into all software. Here are key considerations.
Read More about Modernize your chaos engineering with commercial software transparency
CISA SBOM-a-rama: 4 key takeaways for software security teams
The Cybersecurity and Infrastructure Security Agency held its semiannual workshop on software bills of materials recently. Here's what you need to know.
Read More about CISA SBOM-a-rama: 4 key takeaways for software security teams
Go beyond the checkbox: How software bills of materials can manage risk
SBOMs are a good start — but modern software supply chain security tooling is needed to make them effective, experts say.
Read More about Go beyond the checkbox: How software bills of materials can manage risk
A long history: What’s next for software bills of materials is what matters
Beau Woods discusses the history of the SBOM, from its humble beginnings to its use today — and efforts to modernize it. Here are key highlights from the interview.
Read More about A long history: What’s next for software bills of materials is what matters
What’s in your commercial software?
RL’s Saša Zdjelar joined 'The Cyber Ranch Podcast' to discuss why organizations need to better scrutinize the software they use. Here are the key takeaways.
Read More about What’s in your commercial software?
Supply chain risk makes software stack visibility essential
IT GRC Forum expert panel: Get back to basics and put your SBOMs to work for better software security. Here are key takeaways.
Read More about Supply chain risk makes software stack visibility essential
EPSS and vulnerability management: New scoring system shows promise
The Exploit Prediction Scoring System performs better than CISA's KEV and CVSS scores for vulnerabilities in the wild — but combining all three works best.
Read More about EPSS and vulnerability management: New scoring system shows promise