Inside the EmEditor supply chain compromise
By combining early infrastructure detection with supply chain security controls you can give your defenders a leg up.
Featured
Inside the EmEditor supply chain compromise
RL SSCS Report 2026: 5 key takeaways
OSS and dev tools are targets as AI risk rises. Learn more in the Software Supply Chain Security Report 2026.
RL SSCS Report 2026: A guidance timeline
Here are the guidelines, mandates, frameworks, and goals that have refined software supply chain security policy.
Latest
Inside the EmEditor supply chain compromise
By combining early infrastructure detection with supply chain security controls you can give your defenders a leg up.
How AI coding is breathing new life into Rust
AI tools are making Rust a favorite language of developers — even those maintaining codebases like Microsoft’s.
RL SSCS Report 2026: A guidance timeline
Here are the guidelines, mandates, frameworks, and goals that have refined software supply chain security policy.
RL SSCS Report 2026: 5 key takeaways
OSS and dev tools are targets as AI risk rises. Learn more in the Software Supply Chain Security Report 2026.
Anthropic’s PSF investment: Why it matters
Here’s what the $1.5M investment in the Python Software Foundation will mean for AI coding and open-source security.
SSDF 1.2 sees AppSec as a journey
NIST has broadened the Secure Software Development Framework to include the full SDLC. Here’s why it matters.
Mandatory SBOMs: Why CRA matters
The EU’s Cyber Resilience Act legally obliges software producers to create and maintain an SBOM. Are you prepared?
Why governance is key to safe AI adoption
A new CSA report stresses getting out in front of AI risk — and why it matters for SecOps.
Shai-hulud post-mortem: A call to action on AppSec
Trigger.dev's experience shows that you need modern controls to combat today's supply chain attacks.
Adversarial AI is on the rise: What you need to know
Researchers explain that as threat actors move to AI-enabled malware in active operations, existing defenses will fail.
How supply chain risk can affect cyber insurance
Gaining visibility into supply chain threats — and adding controls for software risk — are essential to insurability.
AI technical debt: What it is — and why it matters
AI platforms exacerbate existing security risks. Here’s what you need to know to stay out of technical debt.
Unpacking the packer ‘pkr_mtsi’
This RL Researcher’s Notebook highlights the packer’s evolution — and offers a YARA rule to detect all versions.
SF² aims to help you scale SecOps wisely
The Software Factory Security Framework eyes scaling SecOps as a resource problem — not just head count.
AI is upending file security. Here’s how to fight back
As attacks become AI-optimized and internal AI use rises, enterprises need to modernize their file security strategy.