May 9, 2023
OpenSSF's updated Supply-chain Levels for Software Artifacts (SLSA) framework is an essential tool, but experts say it is not a comprehensive supply chain security solution on its own.
April 19, 2023
Secrets are increasingly exposed in code, creating a field-day for malicious actors. Here are key takeaways from our Secrets Exposed special report.
April 18, 2023
The goal might be laudable, but aspects of the EU law need a major rethink. In this week’s Secure Software Blogwatch, we fear unintended consequences.
April 13, 2023
Here's what the move means in the short run and in the long term for the evolution from application security to software supply chain security.
April 11, 2023
Here's why some security practitioners question the term "shift left" — and what they think application security teams should focus on instead.
April 11, 2023
Déjà vu, but dev teams traveling with credentials should carry protection: theorized as early as 2011, could public-USB charging attacks have finally gone rogue?
April 5, 2023
In this week’s Secure Software Blogwatch, we ponder the unintended consequences of “transparency.”
April 4, 2023
The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.
April 4, 2023
Here's what you need to know about BuildKit, how to leverage its SBOM capabilities — and its limitations for comprehensive supply chain security.
March 29, 2023
Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.
March 28, 2023
Common flaws are duplicated all across the software supply chain. Here's how security researchers want to automate fixes.
March 22, 2023
Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.