Secure by Design and Secure by Default: Why you need both for AppSec

The relationship between the two software security initiatives promoted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) can be misunderstood. Sometimes Secure by Design and Secure by Default are even pitted against each other. The reality is, though, that they are complementary approaches to security ...
The OWASP NHI Top 10 and AI risk: What you need to know

Identity management has long been a pillar of any sound cybersecurity program, ensuring that only authorized persons and machines have access to specific data and systems. Today, the rapid adoption of artificial intelligence (AI) is making it much more complicated to manage the identities of machines, making the appearance of ...
BSIMM15 highlights compliance and AI security: Why modern tooling is key

An increase in compliance activities such as the creation of software bills of materials (SBOMs), performing software composition analysis (SCA) scans on code repositories, and securing the attack surface created by artificial intelligence (AI) applications are among the key software security trends highlighted in the latest edition of the Building ...
Securing generative AI: 5 action items to protect your organization

Generative AI applications can be a rich source of opportunity for increased productivity and innovation for organizations. At the same time, they are fast becoming a headache for security teams. In a recent report, titled "The State of Attacks on GenAI," Pillar Security cautioned that "the unchecked proliferation of AI ...
Census III study spotlights ongoing open-source software security challenges

Backward incompatibilities, the lack of standard schemas for components, and projects staffed by too few developers are just some of the risks threatening the security of free and open-source software (FOSS), a study released by the Linux Foundation, the Open Source Security Foundation (OpenSSF), and Harvard University has found ...
U.K. cybersecurity chief warns of gap between risks and defenses

A warning issued by the new head of the United Kingdom's National Cyber Security Centre (NCSC) should be sobering to cybersecurity pros everywhere. Speaking at the agency's headquarters on Tuesday, Richard Horne declared that the cyber-risks faced by his nation and its allies are widely underestimated ...
AI-based fuzzing targets open-source LLM vulnerabilities

Google recently announced a milestone in finding vulnerabilities in open-source software using automated fuzzing tools enhanced by artificial intelligence (AI). Twenty-six new vulnerabilities — including a critical one in the OpenSSL library — were discovered in open-source projects. All were found using AI-generated and -enhanced fuzz targets ...
CISA's secure software deployment push: Key takeaways for AppSec teams

In July, a botched software update by CrowdStrike led to millions of Windows systems crashing worldwide, resulting in $10 billion in financial damage, by some estimates. Recent guidance released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Australian Signals Directorate aims at preventing another such ...
OWASP Top 10 for LLM and new tooling guidance targets GenAI security

New guidance for organizations seeking to protect the generative AI tools they're running has been released by the OWASP Top 10 LLM Applications Security Project ...