Funding of the OSS ecosystem has reached a crisis as threat actors increasingly target weaknesses in infrastructure.
Read More about Leaders call for commercial funding of open-source platforms
If you train ML models, they can learn to write more secure code. But the quality of the training data is only as good as your AppSec tooling.
Read More about How AI coding tools can learn to develop secure software
Developer Productivity Engineering provides a framework to boost code production and creativity — and can help to improve application security.
Read More about How DPE can speed development — and boost your AppSec
Researchers at Black Hat discussed how these tools can leave development teams vulnerable to hacks like remote-code execution.
Read More about Speed kills: AI coding tools revive old-school hacks
Leading firms are using DevEx to achieve application security gains at speed. Here's how it works — and how to get started.
Read More about Move over, DevSecOps — DevEx is the new darling
Here's why your organization should consider using SaaSBOMs, key challenges — and how to put CycloneDX's xBOM standard into action.
Read More about 5 reasons you need an SaaSBOM
Here's what's holding DevSecOps back — and why modernizing your application security tooling is critical in the software supply chain security era.
Read More about The state of DevSecOps: Why upgrading your AppSec tooling is essential
Combined with cloud service providers' CLIs, continuous delivery/continuous integration can pose a threat. Here's why — and how to keep a lid on your secrets.
Read More about CI/CD pipelines and the cloud: Are your development secrets at risk?
Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.
Read More about Memory-safe languages and security by design: Key insights, lessons learned
When using AI tools including GitHub Copilot, your security team must be aware of — and protect against — certain risks. Here are the top considerations.
Read More about Secure your AI development tools: 4 key questions to ask
Don't neutralize CI/CD business gains by failing to account for risk. Here are best practices to ensure that your software development pipeline is secure.
Read More about 8 CI/CD security best practices: Protect your software pipeline
Extending the language's bare-metal use from Linux will make Android a trusted platform — and have a broader impact on the Rust development community.
Read More about Rust on Android goes bare metal: 3 key security benefits
What’s to come for the security of open source software? ConversingLabs caught up with Mikaël Barbero of the Eclipse Foundation to answer that question. Watch (or listen) and learn.
Read More about The state of OSS security: Changes in attack methods, policy
"Shift left" is giving way to up-front software risk assessments, and companies are increasingly tapping external support for third-party compliance. Learn more from application security peers.
Read More about SANS DevSecOps report: 5 key takeaways
These leading app sec experts provide a steady flow of security knowledge to keep you up to speed.
Read More about 20 application security pros you should follow