
CISO’s open letter on third-party software risk is a call to action
The accelerated adoption of software as a service (SaaS) has fundamentally changed software consumption patterns, but it has also introduced a significant concentration of risk across enterprise environments and global critical infrastructure ...

Detection as code: How to enhance your real-time threat detection
Detection as code (DaC) is a powerful way for security teams to streamline rule development, automate threat detection, and respond to attacks with greater speed and precision. The DaC approach applies formal software development practices to write, manage, and deploy rules for detecting security threats ...

SaaS risk is on the rise: 7 action items for better management
The rapid rise in the use of SaaS applications — often without the IT organization's knowledge or consent — has spawned a whole new set of challenges for security teams. These include visibility gaps, unmanaged data flows, and an expanding attack surface that traditional tools aren't equipped to handle ...

Secrets leaks increase — and expand beyond the codebase
Organizations that assume secrets protection is solely about scanning public repositories and codebases for API keys, passwords, and tokens may be overlooking a major blind spot ...

AI coding weaponized: What your AppSec team needs to know
Researchers have uncovered a disturbing new supply chain attack vector that threat actors could use to silently introduce and propagate virtually undetectable malicious code into AI-assisted software development projects ...

EPSS is not foolproof: Shift your AppSec beyond vulnerabilities
A new study adds force to the argument that organizations need to look beyond vulnerability remediation when it comes to managing and mitigating software cyber-risk ...

Go beyond vulnerabilities for your AppSec: Here’s why it’s essential
Threat actors exploited 768 unique vulnerabilities in the wild in 2024, marking a 20% increase over the previous year, recent research from VulnCheck shows. That sharp rise in exploit activity involving old, new, and zero-day bugs has made it clear that vulnerability patching cannot be the sole mechanism for protecting ...

Suspicious file analysis: Enhance your SOC to fight sophisticated attacks
With threat actors constantly ramping up the sophistication and volume of their campaigns, file triage has become essential for modern security operations (SecOps) ...

Get real about container security: 4 essential practices to manage risk
The use of container technologies for software development and release has proliferated over the past year, heightening the need for organizations to implement updated security controls and processes to mitigate risk ...

The state of AppSec tooling: Step up to modern software security
Traditional application security testing (AST) tools are out of step with modern development and AppSec practices. In the age of cloud-native architectures, continuous integration/continuous deployment (CI/CD) models, microservices, and containerized environments, and at a time when code changes happen daily — and even hourly — AST products originally built for monolithic ...