Credentials, Risk, and The Supply Chain: Lessons to Learn From The Codecov Breach
It seems like there’s a data breach disclosed every day. They come in a variety of forms and from all possible industries and verticals. However, some ...
What You Need to Know about the Codecov Incident: A Supply Chain Attack Gone Undetected for 2 Months
Last week, software testing firm Codecov disclosed a noteworthy security incident that gained the attention of the U.S. federal government investigators ...
Sentry, GitHub Use AI to Help Fix Coding Errors
Developers are getting more help detecting and addressing bugs in their code through new AI-based tools that Sentry.io and GitHub each introduced this week. Sentry unveiled the beta of Autofix, a feature ...
What is a software bill of materials?
Understand the importance of a Software Bill of Materials (SBOM) and how it helps manage security, license, and operational risks in open source usage.
Microsoft Under Attack by Russian Cyberattackers
Understand how these attackers are operating and what their tactics mean for security strategies ...
Software supply chain security: Upgrade your AppSec for a new era
The software supply chain security landscape has shifted considerably over the last year. Two of the most significant changes have been the move to a more formalized definition of the term "software ...
CI/CD Pipeline Security: Best Practices Beyond Build and Deploy
Given the demand for rapid innovation and the adoption of agile methodologies, Continuous Integration/Continuous Deployment (CI/CD) pipelines have become the foundation on which all DevOps processes are built. They ...
Cloud Risk Management: The DevOps Guide
For DevOps software developers, navigating the cloud landscape without a clear understanding of risks is equivalent to walking into a minefield blindfolded. Cloud risk management, therefore, ...
Mastering SDLC Security: Best Practices, DevSecOps, and Threat Modeling
In the ever-evolving landscape of software development, it’s become absolutely paramount to ensure robust security measures throughout the Software Development Lifecycle (SDLC). Need proof? In the last three years alone, we’ve witnessed ...
MFA and supply chain security: It’s no magic bullet
With attackers increasingly targeting developer accounts and using them to poison software builds, manipulate code, and access secrets and data, development teams are under pressure to lock down their development environments ...