AppSec & Supply Chain Security
Software supply chain security by the numbers: 30 stats that matter
Compromises including Log4J, SolarWinds' Orion network management technology, and Progress Software's MOVEit file transfer software have heightened focus on software supply chain security in recent years ...
Memory-safe languages and security by design: Key insights, lessons learned
For more than 50 years, software engineers have struggled with memory vulnerabilities, but it has only been in recent times that serious efforts have been undertaken to get a handle on the ...
7 ways to put your code on a diet — and improve AppSec in the process
Application security (AppSec) struggles mightily with scale. Applications must be protected, dependencies tracked, and vulnerabilities prioritized — it can be dizzying to keep tabs on it all. And most overwhelming of all ...
How CISA’s secure software development attestation form falls short
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the White House’s Office of Management and Budget (OMB) have released their Secure Software Development Attestation Form, a long-anticipated worksheet that asks organizations ...
Gartner outlines top cybersecurity trends — and (spoiler alert) AI is No. 1
Artificial intelligence will be the leading cybersecurity trend in 2024, analyst firm Gartner has predicted in a new release ahead of its upcoming Gartner Security & Risk Management Summit in Sydney, Australia ...
SBOMs and medical devices: An essential step — but no security cure-all
The U.S. Federal Government has been hard at work releasing a plethora of guidelines — and mandates — concerning software supply chain security. The initiatives have been aimed at government institutions, their ...
5 reasons you should consider a career in application security
A career in application security (AppSec) can be rewarding, diverse, and challenging. However, as a relatively new domain within cybersecurity, it has not garnered widespread attention among professionals exploring careers in the ...
NIST updates supply chain guidance: 3 ways to pump up your CI/CD security
The final version of guidelines to help organizations secure their software supply chain has been released by the National Institute of Standards and Technology (NIST). The document, "Strategies for the Integration of ...
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
All SBOMs are not created equal: How to make them actionable
With some help from the federal government, software bills of materials (SBOMs) have become an important tool for security teams looking to secure their software supply chains. However, while SBOMs can provide ...