Quantum delivers really random numbers: How that boosts AppSec

Much of the discussion about how quantum computing will impact application security (AppSec) has focused on the catastrophic effects from cracking existing cryptography. But quantum computing can benefit AppSec by enabling the creation of truly random numbers, which is essential to secure development — especially for protecting development secrets more ...

OpenSSF guidelines encourage OSS developers to build securely

Developers have always had a conflicted relationship with security. While they don't want to produce software with security flaws, they don't want to be security experts either. With that in mind, the Open Source Security Foundation (OpenSSF) has released the Open Source Project Security Baseline ...

CISO survey: 6 lessons to boost third-party cyber-risk management

Third-party cybersecurity incidents are on the rise, but organizations face challenges in mitigating risks arising from the software supply chain, a survey of 200 chief information security officers (CISOs) has found ...

OWASP supply chain security cheat sheet: 5 key action items

Securing the software supply chain is a complex task. For one, it spans the entire software development lifecycle (SDLC). For another, generative AI coding tools and modern development practices are increasing software complexity. The result: Development teams are in the hot seat ...

Generative AI software development boosts productivity — and risk

The use of AI coding assistants is on the rise, and while they can juice a developer's productivity, they also threaten the quality and security of software development, a recent study analyzing millions of lines of code has found ...

The top software development security challenges: The AI's have it

AI code security, reliability, and data privacy are the biggest challenges facing software development this year, a new survey of software development organizations has found ...

Silent breaches and supply chain exploits: 5 lessons for cyber-teams

"Silent breaches" within interconnected ecosystems dominated the third-party breach landscape in 2024, a report by cyber-risk intelligence company Black Kite has found ...

Secure AI deployment is complicated: 5 ways to get your ducks in a row

The practical and secure implementation of artificial intelligence systems within organizations — starting with the exploration of tools, applications, supply chains, and other components necessary to deploy AI successfully — is the focus of a new report by the Cloud Security Alliance (CSA) ...

What developers think about application security might surprise you

Cybersecurity is often viewed from the point of view of practitioners, which is why the DevSecOps company Jit took a different tack on the subject — and asked developers about their views on application security (AppSec) ...