Syndicated Blog

Stories by Barak Brudo on Medium
Providing a Safe Harbor From Liability for Software Producers

Cybersecurity, liability
In March 2023 the White House released a new National Cybersecurity Strategy. The strategy outlines a list of 5 pillars the White House considers critical to improving ...
Maximizing SBOMs - Discover Top 5 Use Cases for Improving Software Security

Charting the Future of SBOM: Insights From CISA’s New Guide: Shifting the Balance of Cybersecurity Risk

In April 2023 CISA released a new joint guide for software security called Shifting the Balance of ...
Valint - Validation Integrity - A compliance verification tool

What Happens When an AI Company Falls Victim to a Software Supply Chain Vulnerability

On March 20th OpenAI took down the popular generative AI tool ChatGPT for a few hours. It later admitted that the reason for the outage was a software ...
What We Can Learn From CISA’s SBOM Sharing Lifecycle Report

cisa, Cybersecurity, SBOM
In April 2023 DHS, CISA, DOE, and CESER released a report titled ‘Software Bill of Materials (SBOM) Sharing Lifecycle Report’. The purpose of the report was ...
Using the 3CX Desktop App Attack To Illustrate the Importance of Signing and Verifying Software

In late March 2023, security researchers exposed a threat actor’s complex software supply chain attack on business communication software from 3CX, mainly the company’s voice and video-calling desktop app. The ...
How confident are you with what’s really happening inside your CI/CD pipeline?

The elements you should be securing, and how

Pipeline security

CI/CD pipelines are notoriously opaque as to what exactly takes place inside. Even ...
What can you do with an SBOM today?

We can all agree that computer software is a complicated construct composed of numerous diverse components. Open-source software is becoming ever more common as a building block in ...
The story of the OpenSSL patch 3.0.7 and the lessons you can learn from it

Cybersecurity, openssl, SBOM
OpenSSL is a widely-used open-source software library for implementing secure communications over computer networks. How widely used? Well, chances are that if you’ve ever accessed an HTTPS web page you did so ...

Defending Your Digital Services: An Inside Look at the European Cyber Resilience Act

Cybersecurity, European Union, Law
Successful cyberattacks against both hardware and software products are becoming disturbingly frequent. According to Cybersecurity Ventures, cybercrime cost the world an estimated 7 trillion USD in 2022. With such a high price ...

From Vulnerability to Victory: Defending Your CI/CD Pipeline

Automated CI/CD (Continuous Integration/Continuous Delivery) pipelines are used to speed up development. It is awesome to have triggers or scheduling that take your code, merge it, build it, test it, and ship ...