May 31, 2023
Experts warn ChatGPT-based coding could do to us what an asteroid did to the dinosaurs. Hype — or heads-up to reckon with?
May 23, 2023
Python Package Index was flooded with malicious typo-squatting packages. Weekend warriors quit defense and hit the pause button.
May 17, 2023
Stolen keys allow bootkits to avoid Intel’s “Guard” features. And there’s no way to revoke them.
May 9, 2023
It takes a village... In Las Vegas, researchers play capture the flag to find vulnerabilities in tools like ChatGPT — with a White House assist.
May 3, 2023
The Department of Justice is reported to have stayed on the down-low on SolarWinds. Poster child for software supply chain security? The plot thickens...
April 26, 2023
RSA Conference is back big in 2023, with large language models buzzing: AI to fight AI, and generative AI and supply chain security.
April 18, 2023
The goal might be laudable, but aspects of the EU law need a major rethink. In this week’s Secure Software Blogwatch, we fear unintended consequences.
April 11, 2023
Déjà vu, but carry protection, dev teams traveling with credentials: Theorized as early as 2011, could public-USB attacks have finally gone rogue?
April 5, 2023
In this week’s Secure Software Blogwatch, we ponder the unintended consequences of “transparency.”
March 29, 2023
Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.
March 7, 2023
The new National Cybersecurity Strategy will punish big software developers for failing to follow best practices. And, for the first time, make them liable.
March 1, 2023
LastPass has revealed a little more about the vault breach that occurred during August last year. And there are big, big lessons to be learned for DevSecOps teams.