
Move over, DevSecOps: DevEx is the new darling
DevEx is an approach that leading firms use to achieve application security gains at speed. Here's how it works — and how to get started.

5 reasons you need an SaaSBOM
Here's why your organization should consider using SaaSBOMs, key challenges — and how to put CycloneDX's xBOM standard into action.

The state of DevSecOps: Why upgrading your AppSec tooling is essential
Here's what's holding DevSecOps back — and why modernizing your application security tooling is critical in the software supply chain security era.

CI/CD pipelines and the cloud: Are your development secrets at risk?
Combined with cloud service providers' CLIs, continuous delivery/continuous integration can pose a threat. Here's why — and how to keep a lid on your secrets.

Memory-safe languages and security by design: Key insights, lessons learned
Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.

Secure your AI development tools: 4 key questions to ask
When using AI tools including GitHub Copilot, your security team must be aware of — and protect against — certain risks. Here are the top considerations.

8 CI/CD security best practices: Protect your software pipeline
Don't neutralize CI/CD business gains by failing to account for risk. Here are best practices to ensure that your software development pipeline is secure.

Rust on Android goes bare metal: 3 key security benefits
Extending the language's bare-metal use from Linux will make Android a trusted platform — and have a broader impact on the Rust development community.

The state of OSS security: Changes in attack methods, policy
What’s to come for the security of open source software? ConversingLabs caught up with Mikaël Barbero of the Eclipse Foundation to answer that question. Watch (or listen) and learn.

SANS DevSecOps report: 5 key takeaways
"Shift left" is giving way to up-front software risk assessments, and companies are increasingly tapping external support for third-party compliance. Learn more from application security peers.

20 application security pros you should follow
These leading app sec experts provide a steady flow of security knowledge to keep you up to speed.

AI coding helpers get FAILing grade
Purdue researchers expose generative AI tools like Copilot's frequent errors when asked basic development questions.

Listen up, devs: AI trained to overhear passwords
Deep learning model knows what keys you press — “with 95% accuracy.” The password's days are numbered.

FraudGPT / WormGPT: Scammy for now — but a worrying signpost for software security
Your app sec team should factor in more capable malicious AI tools, coming soon.

No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’
It’s an optional trial program (for now). How would your devs cope?