software supply chain security
AI and the software supply chain: Application security just got a whole lot more complicated
As artificial intelligence (AI) captivates the hearts and minds of business and technology executives eager to generate rapid gains from generative AI, security leaders are scrambling. Seemingly overnight, they're being called to ...
The Week in Security: Google Cloud Build permissions can be poisoned, WormGPT weaponizes AI
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, ...
JumpCloud ‘nation state’ phishing attack spotlights third-party risk management
A state-sponsored phishing attack on JumpCloud highlights the importance of strong third-party risk management (TPRM). The big identity service provider believes it was a victim of a sophisticated breach that targeted a few ...
Federal CI/CD security guidance: Been there, done that
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) are telling development organizations to tighten up the security of their development pipelines or face the risk of ...
CycloneDX 1.5: The next big step for SBOMs and software transparency
CycloneDX is one of the most popular standards for describing the components of an application, including source code, binaries, libraries, and containers. With the latest release of the specification, version 1.5, OWASP, ...
EU-US data transfers back in hotseat: Security of user data adds to privacy concerns
The Europeans say a new agreement with the U.S. means it’s OK to transfer data westwards again. Two previous decisions had been struck down by the EU’s judicial branch, due to the risk ...
Organizations Need to Establish Trust to Enhance Supply Chain Security
Enhancing the trust and security of the supply chain is on the minds of many a cybersecurity executive today, and will likely be a topic of interest and concern in the months ...
Third-party risk management survey: Prioritize end-to-end software supply chain security — or fail
Awareness of the risks posed by third-party vendors is high among organizations across industries, but visibility into those webs of business connections remains low, a survey released by a provider of third-party ...
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
Executive Summary ReversingLabs researchers recently discovered more than a dozen malicious packages published to the npm open source repository that appear to target application end users while also supporting email phishing campaigns ...
AppSec and Software Supply Chain Security: How Do They Go Together?
AppSec and Software Supply Chain Security are two terms more frequently used as part of DevOps, as well as when considering how to develop a security strategy. Software supply chain attacks are on ...