Software supply chain security by the numbers: 30 stats that matter

Compromises including Log4j, SolarWinds' Orion network management technology, and Progress Software's MOVEit file transfer software have heightened focus on software supply chain security in recent years ...
5 reasons you should consider a career in application security

A career in application security (AppSec) can be rewarding, diverse, and challenging. However, as a relatively new domain within cybersecurity, it has not garnered widespread attention among professionals exploring careers in the field ...
Are AI development tools exposing your organization? 4 key considerations

Microsoft's soon-to-be-released GitHub Copilot Enterprise option will give organizations an enterprise-grade subscription plan for its AI-powered code-completion tool, which helps developers write code faster ...
The state of container security: 5 key steps to locking down your releases

Container technologies are rapidly transforming application development and deployment practices at many organizations. But they also present a minefield of security risks for the growing number of organizations using the technology to package and deploy modern, microservices-based applications ...
ESF steps up supply chain security guidance with call for binary analysis

One of the more significant aspects of a new document on software supply chain security from the Enduring Security Framework (ESF) is the recommendation of binary analysis and reproducible builds as best practices ...
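Reproducible builds are only useful if someone actually rebuilds and compares. The following added example (not from the article or from ESF) shows the check in miniature: it packages a constructed two-file source tree into a tar archive as a stand-in for a build artifact, rebuilds it after the file timestamps have changed the way they would on a second CI runner's fresh checkout, and compares SHA-256 digests. The normalized build sorts entries and zeroes mtime and ownership; the naive build does not, and its digest drifts even though the sources are identical. The source tree, file contents and the use of tar as the artifact are all assumptions made for the demonstration.

```python
import hashlib
import io
import os
import tarfile
import tempfile
import time


def _normalize(info: tarfile.TarInfo) -> tarfile.TarInfo:
    # Zero the fields that vary between machines and checkouts but not between
    # equivalent source trees: timestamp and ownership.
    info.mtime = 0
    info.uid = info.gid = 0
    info.uname = info.gname = ""
    return info


def build_archive(src_dir: str, reproducible: bool) -> bytes:
    """Package src_dir as an uncompressed ustar archive (stand-in for a build artifact).

    With reproducible=True, entries are added in sorted order and normalized, the
    standard recipe for deterministic archives. With False the archive is built the
    naive way and records whatever mtimes and directory walk order it happens to see.
    """
    entries = []
    for root, _dirs, files in os.walk(src_dir):
        for name in files:
            path = os.path.join(root, name)
            entries.append((os.path.relpath(path, src_dir), path))
    if reproducible:
        entries.sort()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for arcname, path in entries:
            tar.add(path, arcname=arcname, recursive=False,
                    filter=_normalize if reproducible else None)
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def rebuild_matches(reproducible: bool) -> bool:
    """Build a constructed source tree twice, changing file timestamps in between
    (as a fresh checkout on a second runner would), and report whether the two
    artifacts have the same digest."""
    with tempfile.TemporaryDirectory() as src:
        # Constructed sample inputs; any two files would do.
        with open(os.path.join(src, "main.c"), "w") as fh:
            fh.write("int main(void) { return 0; }\n")
        with open(os.path.join(src, "README"), "w") as fh:
            fh.write("constructed sample tree\n")
        first = sha256_hex(build_archive(src, reproducible))
        yesterday = time.time() - 86400
        for name in ("main.c", "README"):
            os.utime(os.path.join(src, name), (yesterday, yesterday))
        second = sha256_hex(build_archive(src, reproducible))
    return first == second


if __name__ == "__main__":
    print("normalized build reproducible:", rebuild_matches(True))
    print("naive build reproducible:     ", rebuild_matches(False))
```

The same comparison applies to real artifacts: rebuild from the same commit on an independent machine and diff the digests, then treat any mismatch as a finding to explain (embedded timestamps, build paths, unpinned toolchains) rather than noise to ignore.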
MFA and supply chain security: It's no magic bullet

With attackers increasingly targeting developer accounts and using them to poison software builds, manipulate code, and access secrets and data, development teams are under pressure to lock down their development environments ...
The AI executive order: What AppSec teams need to know

The White House's sweeping executive order (EO) on artificial intelligence has put the onus on software vendors to implement proactive measures for assessing and mitigating potential security risks and biases in products that use AI ...
5 best practices for putting SBOMs to work with CI/CD

Software bills of materials (SBOMs) have become a central component of enterprise efforts to secure the software supply chain. President Biden's 2021 Executive Order on Improving the Nation's Cybersecurity, EO 14028, made it a requirement for federal agencies to implement SBOMs when developing software internally or procuring it from external ...
How mature is your open-source risk management? S2C2F helps map out dependencies

The Secure Supply Chain Consumption Framework (S2C2F) from the Open Source Security Foundation (OpenSSF) is a useful resource for enterprise software teams addressing risks from open-source dependencies ...
Docker's BuildKit adds SBOM attestation capabilities: How they work — and key limitations

Docker added support for build-time attestations and software bills of materials (SBOMs) in its BuildKit tool earlier this year, and that gives development teams a way to maintain a complete record of the build process for each image and the software components within it. BuildKit, Docker's build engine for ...
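An SBOM attestation is only evidence if you check what it says and whom it is about. The following added example, not from the article or from Docker, consumes a statement in the shape BuildKit attaches to an image built with `--sbom=true` (an in-toto v0.1 statement whose predicate is an SPDX JSON document; in practice you would pull it with `docker buildx imagetools inspect <image> --format '{{ json .SBOM }}'`, which is outside the block). It rejects the statement unless its subject digest is the image you expect, flattens the packages to name/version/purl, and lists the packages that no vulnerability feed can be matched against. That last list is the limitation a practitioner should watch: a scanner-generated SBOM only identifies what the scanner recognized, and an entry with no purl or a `NOASSERTION` version is a blind spot, not a clean result. The statement, image digest and package names are constructed for the demonstration.

```python
import json
from typing import Dict, List

IN_TOTO_STATEMENT = "https://in-toto.io/Statement/v0.1"
SPDX_PREDICATE = "https://spdx.dev/Document"

# Constructed, trimmed-down statement in the shape BuildKit attaches to an image
# built with --sbom=true. A real one carries far more SPDX fields; the digest and
# package entries here are fake sample data.
IMAGE_DIGEST = "ab" * 32
SAMPLE_STATEMENT = json.dumps({
    "_type": IN_TOTO_STATEMENT,
    "predicateType": SPDX_PREDICATE,
    "subject": [{"name": "example.invalid/app", "digest": {"sha256": IMAGE_DIGEST}}],
    "predicate": {
        "spdxVersion": "SPDX-2.3",
        "name": "example.invalid/app",
        "packages": [
            {
                "name": "openssl",
                "versionInfo": "3.0.11-1~deb12u2",
                "externalRefs": [{
                    "referenceCategory": "PACKAGE-MANAGER",
                    "referenceType": "purl",
                    "referenceLocator": "pkg:deb/debian/openssl@3.0.11-1~deb12u2?arch=amd64",
                }],
            },
            {
                # A binary the scanner saw but could not map to any ecosystem.
                "name": "vendored-helper",
                "versionInfo": "NOASSERTION",
                "externalRefs": [],
            },
        ],
    },
})


def load_sbom_statement(raw: str, expected_digest: str) -> Dict:
    """Parse an attestation and reject it unless it is an in-toto SPDX statement
    whose subject covers the image digest we expect. Without the subject check a
    perfectly valid SBOM for some other image would pass."""
    stmt = json.loads(raw)
    if stmt.get("_type") != IN_TOTO_STATEMENT:
        raise ValueError("not an in-toto v0.1 statement")
    if stmt.get("predicateType") != SPDX_PREDICATE:
        raise ValueError("predicateType is %r, expected SPDX" % stmt.get("predicateType"))
    subjects = {s.get("digest", {}).get("sha256") for s in stmt.get("subject", [])}
    if expected_digest not in subjects:
        raise ValueError("attestation subject does not cover the expected image digest")
    return stmt


def packages(stmt: Dict) -> List[Dict[str, str]]:
    """Flatten SPDX packages to name/version/purl records."""
    out = []
    for pkg in stmt["predicate"].get("packages", []):
        purl = ""
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") == "purl":
                purl = ref.get("referenceLocator", "")
        out.append({"name": pkg.get("name", ""),
                    "version": pkg.get("versionInfo", ""),
                    "purl": purl})
    return out


def unidentified(stmt: Dict) -> List[str]:
    """Packages that cannot be matched against advisories: no purl, or a version the
    scanner could not assert. This is where a scanner-built SBOM under-reports."""
    return [p["name"] for p in packages(stmt)
            if not p["purl"] or p["version"] in ("", "NOASSERTION")]


if __name__ == "__main__":
    stmt = load_sbom_statement(SAMPLE_STATEMENT, IMAGE_DIGEST)
    for p in packages(stmt):
        print(p["name"], p["version"], p["purl"] or "(no purl)")
    print("cannot be matched against advisories:", unidentified(stmt))
```

The attestation's signature, if any, is a separate check that belongs before this parsing step; this block only validates the statement's shape and subject.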