AI and the software supply chain: Application security just got a whole lot more complicated
Ericka Chickowski | Artificial Intelligence (AI)/Machine Learning (ML), software supply chain security
As artificial intelligence (AI) captivates the hearts and minds of business and technology executives eager to generate rapid gains from generative AI, security leaders are scrambling. Seemingly overnight, they're being called to ...
The Latest Update to the ReversingLabs A1000 Threat Analysis and Hunting Solution
Our customers rely on ReversingLabs A1000 Threat Analysis and Hunting Solution to provide an instant malware lab, delivering static and dynamic analysis. Here, we break down the newest improvements to this necessary ...
The Week in Security: Google Cloud Build permissions can be poisoned, WormGPT weaponizes AI
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, ...
JumpCloud ‘nation state’ phishing attack spotlights third-party risk management
Richi Jennings | Secure Software Blogwatch, software supply chain security, Third-Party Risk Management (TPRM)
A state-sponsored phishing attack on JumpCloud highlights the importance of strong third-party risk management (TPRM). The big identity service provider believes it was a victim of a sophisticated breach that targeted a few ...
Federal CI/CD security guidance: Been there, done that
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) are telling development organizations to tighten up the security of their development pipelines or face the risk of ...
The Week in Security: Chinese hackers breach government email, AI models easily poisoned
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, ...
CycloneDX 1.5: The next big step for SBOMs and software transparency
CycloneDX is one of the most popular standards for describing the components of an application, including source code, binaries, libraries, and containers. With the latest release of the specification, version 1.5, OWASP, ...
EU-US data transfers back in hotseat: Security of user data adds to privacy concerns
The Europeans say a new agreement with the U.S. means it’s OK to transfer data westwards again. Two previous decisions had been struck down by the EU’s judicial branch, due to the risk ...
Introducing new capabilities to continuously improve software supply chain security
The harsh reality of managing software supply chain risk is that software teams cannot remediate hundreds of issues in one big bang project to improve the software’s risk posture. The aggressive release ...