April 5, 2023
In this week’s Secure Software Blogwatch, we ponder the unintended consequences of “transparency.”
April 4, 2023
The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.
April 4, 2023
Here's what you need to know about BuildKit, how to leverage its SBOM capabilities — and its limitations for comprehensive supply chain security.
March 29, 2023
Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.
March 28, 2023
Common flaws are duplicated all across the software supply chain. Here's how security researchers want to automate fixes.
March 22, 2023
Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.
March 15, 2023
GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).
March 7, 2023
Here's what you need to know about app sec's addiction to vulnerabilities — and why application security needs to evolve to take on supply chain security.
March 7, 2023
The new National Cybersecurity Strategy will punish big software developers for failing to follow best practices. And, for the first time, make them liable.
March 2, 2023
New details expose that the recent hack on LastPass was worse than previously thought. Also: CISA has called for for software makers who develop insecure software to be held liable.
March 1, 2023
LastPass has revealed a little more about the vault breach that occurred during August last year. And there are big, big lessons to be learned for DevSecOps teams.
February 22, 2023
ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries.