secure by design
The Treatment Was Successful. Unfortunately the Patient Died
Alan Shimel | Tags: AI defensive tools, AI security agents, AI vulnerability discovery, Anthropic Mythos, automated exploit generation, core collapse theory, cyber nirvana, cybersecurity AI, cybersecurity market disruption, Glasswing, Jen Easterly, machine-speed patching, Rich Mogull, secure by design, Software Resilience, software vulnerabilities, Vulnerability Research, Vulnpocalypse
Explore the debate between "Cyber Nirvana" and the "Vulnpocalypse" as AI tools like Anthropic's Mythos threaten to collapse the traditional security model in a "supernova" event ...
Security Boulevard
The EU CRA – Treating Cybersecurity as Product Liability
Mark Rasch | Tags: December 2027 Compliance, EU AI Act Interplay, EU Cyber Resilience Act (CRA), Horizontal Cybersecurity Requirements, IoT Security Regulation, Product Safety Law, product security lifecycle, Regulation (EU) 2024/2847, secure by design, September 2026 Reporting, Software Bill of Materials (SBOM), Supply Chain Transparency, Vulnerability Handling
The EU's Cyber Resilience Act (Regulation 2024/2847) shifts cybersecurity responsibility upstream. Explore the March 2026 guidance on secure-by-design requirements, software bills of materials (SBOM), and the impact on U.S. manufacturers ...
Security Boulevard
The Danger of Treating CyberCrime as War – The New National Cybersecurity Strategy
Mark Rasch | Tags: 2026 National Cyber Strategy, Adversary Disruption, Critical Infrastructure Protection, Cyber Deterrence, Cyber Power Projection, Cybercrime Economics, Cybersecurity Incentives, Federal Cybersecurity Posture, national security policy, Office of the National Cyber Director, Private Sector Cooperation, ransomware mitigation, Regulatory Burden, secure by design, Threat Actor Profiling
The March 2026 Cyber Strategy shifts focus from private sector compliance to national power and adversary disruption. Explore the tension between geopolitical deterrence and the economic realities of cybercrime ...
Security Boulevard
The Cyber Resilience Act and SaaS: Why Compliance is Only Half the Battle
Ariel Parnes | Tags: Behavioral Monitoring, compliance vs resilience, CRA, Cyber Resilience Act, EU cybersecurity regulation, FTC enforcement, global software regulation, identity abuse, lifecycle security, OAuth token theft, phishing-resistant security, SaaS Security, SaaS threat detection, Salesforce vishing, Salesloft breach, SEC disclosure rules, secure by design, secure development pipelines, shared responsibility, social engineering, Vulnerability Management
The EU's Cyber Resilience Act is reshaping global software security expectations, especially for SaaS, where shared responsibility, lifecycle security and strong identity protections are essential as attackers increasingly "log in" instead of ...
Security Boulevard
Secure by Design Principles
Explore Secure by Design principles for Enterprise SSO. Learn how to integrate security into your SSO architecture early for robust protection and compliance ...
Governing the Unseen Risks of GenAI: Why Bias Mitigation and Human Oversight Matter Most
Marc Wheelhouse | Tags: agent-to-agent systems, AI attack surface, AI bias mitigation, AI compliance, AI Governance, AI guardrails, AI lifecycle management, AI maturity models, AI oversight, AI trust, Continuous Testing, Data Classification, data labeling, DevSecOps, enterprise AI adoption, GenAI risks, Generative AI Security, least privilege access, model drift, prompt injection, Responsible AI, secure by design
From prompt injection to cascading agent failures, GenAI expands the enterprise attack surface. A governance-first, security-focused approach, rooted in trusted data, guardrails and ongoing oversight, is now critical for responsible AI adoption ...
Security Boulevard
Security Degradation in AI-Generated Code: A Threat Vector CISOs Can’t Ignore
Matias Madou | Tags: AI coding assistants, AI safety research, AI-generated code vulnerabilities, CISO priorities, code security study, developer upskilling, DevSecOps and AI, feedback loop security, Human/AI collaboration, iterative code degradation, LLM security risks, secure by design, Secure SDLC, Static Analysis, vulnerability introduction
A new study shows LLMs introduce more vulnerabilities with each code iteration, highlighting critical risks for CISOs and the need for skilled human oversight ...
Security Boulevard
Differences Between Secure by Design and Secure by Default
SSOJet - Enterprise SSO & Identity Solutions | Tags: CIAM, Enterprise SSO, secure by default, secure by design
Explore the differences between Secure by Design and Secure by Default in Enterprise SSO & CIAM. Learn how each approach impacts security, usability, and development ...
From Awareness to Assurance in Federal Software Development
Antoine Harden | Tags: Automation, Federal, government, SBOM, secure by design, software bill of materials
Nothing brings the value of cybersecurity into focus quite like being in the throes of a breach. As we approach the midpoint of National Cybersecurity Awareness Month, it's a good time to ...
Secure-by-Design has an Incentive Problem
Nishant Kaushik | Tags: CISO, Compliance, incentives, Insight IdM, secure by design, Security Architecture
In my last blog post, I argued that we don't need more innovation or invention to fix the broken state of SaaS and cloud security that Patrick Opet's open letter was calling out ...