June 1, 2023
ReversingLabs researchers identified a PyPI attack using compiled Python code to evade detection — possibly the first PYC file direct-execution attack.
June 1, 2023
ConversingLabs caught up with Chris Romeo of Kerr Ventures at RSA Conference 2023 to talk about the state of application security. Watch (or listen) — and learn.
May 31, 2023
Experts warn ChatGPT-based coding could do to us what an asteroid did to the dinosaurs. Hype — or heads-up to reckon with?
May 30, 2023
Here's a look at this first example of tools to manage the risk from generative AI — and analysis of the scope of that risk to the software supply chain.
May 23, 2023
Python Package Index was flooded with malicious typo-squatting packages. Weekend warriors quit defense and hit the pause button.
May 9, 2023
It takes a village... In Las Vegas, researchers play capture the flag to find vulnerabilities in tools like ChatGPT — with a White House assist.
May 9, 2023
OpenSSF's updated Supply-chain Levels for Software Artifacts is an essential tool, but experts say it's not a comprehensive supply chain security tool.
April 19, 2023
Secrets are increasingly exposed in code, creating a field day for malicious actors. Here are key takeaways from our Secrets Exposed special report.
April 18, 2023
The goal might be laudable, but aspects of the EU law need a major rethink. In this week’s Secure Software Blogwatch, we fear unintended consequences.
April 13, 2023
Here's what the move means in the short run — and the long term, for the evolution from application security to software supply chain security.
April 11, 2023
Here's why some security practitioners question the term "shift left" — and what they think application security teams should focus on instead.
April 11, 2023
Déjà vu, but carry protection, dev teams traveling with credentials: Theorized as early as 2011, could public-USB attacks have finally gone rogue?