
The year in ransomware: Security lessons to help you stay one step ahead
Operation Cronos, a Europol-led coalition of law enforcement agencies from 10 countries, announced in February that it had disrupted LockBit — one of the most prolific ransomware gangs in the world — at “every level” of its operations. Being responsible for 25% to 33% of all ransomware attacks in 2023, ...

Why shift left alone can’t manage your software risk
Application security wouldn’t be what it is today without “shift left,” the concept that security practices should be handled much earlier in the software development lifecycle (SDLC). Shift left brought about new era strategies such as DevSecOps that made security a priority for developers as well as AppSec teams, pushing ...

CISA SBOM-a-rama: 4 key takeaways for software security teams
Since 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been a proponent of software bills of materials (SBOMs) as a tool that can help secure the software supply chain. The policy grew out of the White House’s 2021 Executive Order 14028 and was developed further with the National ...

The SBOM has a long history — but what’s next is what matters
Software bills of materials (SBOMs) are having their day — they're even government-mandated at times. In September 2023, the U.S. Food and Drug Administration issued its final version of “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” The guidance corresponds to the 2023 Consolidated Appropriations Act, ...

What’s in your commercial software?
The concept of software supply chain security (SSCS) has taken center stage over the past few years in the wake of new federal policies, increases in the threats to open-source platforms, and the continuing struggles to patch critical vulnerabilities. However, one of the most under-addressed areas of SSCS is commercial ...

Secure by Demand: Key takeaways for enterprise software buyers
This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) took a major step forward as it continues to define federal software supply chain security policy. “Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem” serves as the official counterpart to the CISA’s landmark Secure by ...

‘Software Supply Chain Security for Dummies’: 3 takeaways for your team
If you’re a cybersecurity professional working at any modern, connected organization that handles sensitive data and holds valuable intellectual property, the specter of a software supply chain compromise looms large. ...

The Polyfill.io software supply chain attack: Lessons learned
See RL's Joshua Knox break down the Polyfill.io supply chain attack on YouTube ...

How to assess and manage commercial software risk
Five years ago, we didn’t hear much about software supply chain attacks. Today, they’re commonplace. Barely a week goes by without news of malicious or compromised packages tempting developers on open-source repositories such as npm, GitHub, and Python Package Index (PyPI). But although it can seem at times that the ...

What you missed at RSA Conference 2024: Key trends and takeaways
The 32nd annual RSA Conference (RSAC) — one of the biggest cybersecurity shows in North America — was held in San Francisco last week at the Moscone Center. The who's-who event was jam-packed with hundreds of vendors, speaking sessions, and all kinds of goodies ...