The compromise of the widely used Polyfill.io CDN contains important lessons for organizations on trust.
Read More about The Polyfill.io vulnerability: Software supply chain attack lessons
The aim is to build a unifying framework incorporating existing SBOM data models, including CSAF, CycloneDX, OpenVEX, and SPDX. Experts weigh in with key insights.
Read More about OASIS Open's push for a software supply chain standard: All together now?
Self-service portals for developers can help organizations overcome challenges to getting up and running with CISA's software security initiative.
Read More about How platform engineering helps you get a good start on Secure by Design
Making malware enemy No. 1 should be a top priority for AppSec teams. Here's why you need to shift your team's focus from vulnerabilities.
Read More about Why malware matters most: 6 ways to foil software threats faster
Verizon's Data Breach Investigations Report marked a dramatic shift in threats. Learn about it from Verizon — and how to get ahead of risk — in this Webinar.
Read More about Verizon DBIR 2024: The rise in software supply chain attacks explained
The new initiative aims to help teams secure application access — and ensure continuous visibility of the workload. Experts weigh in with key insights.
Read More about NSA's zero-trust maturity for AppSec: What you need to know
Is application security keeping up with modern supply chain attacks? One SME urges "glass half full"-optimism. The reality: AppSec tooling needs an upgrade.
Read More about The state of AppSec: Are we getting ahead of attackers — or falling behind?
Factors are converging to make sharing of software bills of materials a reality. Here are key concerns — and why data sharing is essential to their effectiveness.
Read More about Making SBOMs actionable: Why sharing is essential
CISA has support from more than 60 companies, and it hopes more will follow. Here's what's in the pledge — and what experts say about its chances of success.
Read More about Will CISA's Secure by Design pledge be a catalyst for better software security?
With inherent threats, which are core to the system being modeled, protective measures cannot be perfect or complete. Here's how to best manage that.
Read More about When it comes to threat modeling, not all threats are created equal
The new program, which follows NIST's slowdown on the National Vulnerability Database, will enrich CVEs with contextual data for better vulnerability management.
Read More about CISA's 'vulnrichment' aims to fix the NVD
Here are the highlights that practitioners and leaders should know if they skipped last week's RSAC, the mother of all cybersecurity shows.
Read More about What you missed at RSA Conference 2024: Key trends and takeaways
The new Data Breach Investigations Report sounds the alarm over software supply chain security — and calls for higher standards for development organizations.
Read More about Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic
Software supply chain security (SSCS) remains one of the most popular talk tracks at RSA Conference. Here are the sessions that look most interesting.
Read More about What’s hot at RSAC 2024: 8 SSCS talks you don’t want to miss
RL announced the Spectra Advanced File Analysis and Malware Detection suite, a strategic update of our malware analysis and threat hunting solutions for advanced file analysis and threat detection. Here’s what you need to know.
Read More about Introducing the Unified RL Spectra Suite