AI and the software supply chain: Application security just got a whole lot more complicated

As artificial intelligence (AI) captivates the hearts and minds of business and technology executives eager to generate rapid gains from generative AI, security leaders are scrambling. Seemingly overnight, they're being called to assess a whole new set of risks from a technology that is in its infancy ...
5 reasons why cyber attackers love developers

When security leaders ask developers to take a security-first mindset, it usually takes the form of how they code or set up related application infrastructure. But developers are becoming a conduit for cybercriminal attacks in far more than the traditional application security arenas ...
MOVEit Attack Strikes US and State Governments

A global attack campaign fueled by a vulnerability in MOVEit Transfer, a popular file transfer application, has now struck the U.S. Department of Energy, several other U.S. agencies and a spate of state government organizations and educational institutions. The reach of these attacks has expanded rapidly over the last few ...
Security Boulevard
5 AI threats keeping SOC teams up at night

The explosion in the use of OpenAI's ChatGPT and other large language models (LLMs), along with a range of other artificial intelligence (AI) and machine learning (ML) systems, is ramping up the security cat-and-mouse game ...
7 obstacles to SBOM success

The security and DevOps world is at a fever pitch proselytizing software bills of materials (SBOMs). In theory, SBOMs can help organizations bolster their efforts in application security, vulnerability management and software supply chain security. But as with any emerging security initiative, the practical realities of SBOM usage ...
How to operationalize SBOMs for incident response

As the cybersecurity industry has endeavored to reduce the risk of software supply chain security flaws, software bills of materials (SBOMs) have received a ton of attention of late, as security pundits have promoted them as a key building block in software supply chain security programs ...
Why 'shift left' is now a dirty term in some security circles

The catch-phrase "shift left" has reached peak assimilation in the application security ethos as security pundits, DevOps strategists, app sec pros, and plenty of promoters of the concept have grabbed onto the phrase as shorthand for explaining how software teams can solve the world's software security woes ...
Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All

How bulk pull requests help scale open source bug fixes

The complicated tangle of dependencies in modern software development processes makes it tricky to identify dangerous flaws hidden in open-source software (OSS) projects. But the bigger bugaboo has been how to issue fixes to vulnerable projects at a scale that can reduce the attack surface across the entire software supply ...
App sec is addicted to vulnerabilities: Why supply chain security requires evolution

As application security professionals and developers seek ways to both prevent new flaws and manage existing vulnerabilities in software, the problems of scale and limited time inevitably rear their heads. Whether it is rooting out vulnerabilities before shipping code, or remediating flaws already in production, there's rarely enough time to ...
Less talk, more action: High hopes for CISA's C-SCRM software supply chain security office

The US Cybersecurity and Infrastructure Security Agency (CISA) is making moves in 2023 to put all of its recent policy and guidance work around software supply chain security into action. Earlier this month, the agency announced a risk management office that is meant to help operationalize a lot of the ...