
RoguePuppet software supply chain exposure: Lessons learned
A flaw in Puppet Forge on GitHub could have led to a supply chain disaster matching the scope of the attack on SolarWinds. Here are the key takeaways.

ReversingLabs' new guide is a great starting point for software builders and buyers who are serious about supply chain security.

AppSec risk managers and development teams: Take note of the key takeaways — and expert analysis.

Secure by Design's cousin can help make software more secure out of the box by adding guardrails to development. Here's how it helps — and its limitations.

Rev up your application security and software supply chain security engines by subscribing to these six practitioner-curated Substacks.

Tool sprawl is making alert fatigue a major problem for teams responsible for application security. Here are four ways to combat it in your organization.

The compromise of the widely used Polyfill.io CDN contains important lessons for organizations on trust.

The aim is to build a unifying framework incorporating existing SBOM data models, including CSAF, CycloneDX, OpenVEX, and SPDX. Experts weigh in with key insights.

Self-service portals for developers can help organizations overcome challenges to getting up and running with CISA's software security initiative.

Making malware enemy No. 1 should be a top priority for AppSec teams. Here's why you need to shift your team's focus from vulnerabilities.

Verizon's Data Breach Investigations Report marked a dramatic shift in threats. Learn about it from Verizon — and how to get ahead of risk — in this webinar.

The new initiative aims to help teams secure application access — and ensure continuous visibility of the workload. Experts weigh in with key insights.

Is application security keeping up with modern supply chain attacks? One SME urges "glass half full" optimism. The reality: AppSec tooling needs an upgrade.

Factors are converging to make sharing of software bills of materials a reality. Here are key concerns — and why data sharing is essential to their effectiveness.

CISA has support from more than 60 companies, and it hopes more will follow. Here's what's in the pledge — and what experts say about its chances of success.