Supply chain security: Is technical debt weighing your team down?

Rampant lapses in software supply chain security don't manifest suddenly. They build up over months and years, one out-of-date component, overly permissive account, or misconfigured API at a time. And over time, these gaps mount up, like bad credit card debt on the ledger of supply chain security ...
Risk modeling initiative aims to expose the 'hiddenness of knowledge' in the supply chain

As Google's collaborative project known as the Graph for Understanding Artifact Composition (GUAC) starts to gain steam, the firm is bolstering its investment in dependency mapping by supporting a new project on top of GUAC that is geared toward risk modeling ...
AI and the software supply chain: Application security just got a whole lot more complicated

As artificial intelligence (AI) captivates the hearts and minds of business and technology executives eager to generate rapid gains from generative AI, security leaders are scrambling. Seemingly overnight, they're being called to assess a whole new set of risks from a technology that is in its infancy ...
5 reasons why cyber attackers love developers

When security leaders ask developers to take a security-first mindset, it usually takes the form of how they code or set up related application infrastructure. But developers are becoming a conduit for cybercriminal attacks in far more than the traditional application security arenas ...
MOVEit Attack Strikes US and State Governments

A global attack campaign fueled by a vulnerability in MOVEit Transfer, a popular file transfer application, has now struck the U.S. Department of Energy, several other U.S. agencies and a spate of state government organizations and educational institutions. The reach of these attacks has expanded rapidly over the last few ...
Security Boulevard
5 AI threats keeping SOC teams up at night

The explosion in the use of OpenAI's ChatGPT and other large language models (LLMs), along with a range of other artificial intelligence (AI) and machine learning (ML) systems, is ramping up the security cat-and-mouse game ...
7 obstacles to SBOM success

The security and DevOps world is at a fever pitch with proselytizing software bills of materials (SBOMs). In theory, SBOMs can help organizations bolster their efforts in application security, vulnerability management, and software supply chain security. But as with any emerging security initiative, the practical realities of SBOM usage ...
How to operationalize SBOMs for incident response

As the cybersecurity industry has endeavored to reduce the risk of software supply chain security flaws, software bills of materials (SBOMs) have received a ton of attention of late, as security pundits have promoted them as a key building block in software supply chain security programs ...
Why 'shift left' is now a dirty term in some security circles

The catch-phrase "shift left" has reached peak assimilation in the application security ethos as security pundits, DevOps strategists, app sec pros, and plenty of promoters of the concept have grabbed onto the phrase as shorthand for explaining how software teams can solve the world's software security woes ...
How bulk pull requests help scale open source bug fixes

The complicated tangle of dependencies in modern software development processes makes it tricky to identify dangerous flaws hidden in open-source software (OSS) projects. But the bigger bugaboo has been how to issue fixes to vulnerable projects at a scale that can reduce the attack surface across the entire software supply ...