Rust on Android goes bare metal: 3 key mobile security benefits

A milestone in the software industry's move toward safer programming languages was reached last week with Google's announcement that it is extending the use of Rust into bare-metal Android environments ...
The evolution of app sec: Getting off the scan-and-fix hamster wheel remains elusive

Over the last 20 years, cybersecurity has changed a lot, but one thing has remained resistant to change: scanning resources for defects and fixing them. Now may be the time to hop off that scan-and-fix hamster wheel, argues Chris Romeo, CEO of the threat modeling company Devici, in a recent Security ...
5 ways APIs can be the weak link in supply chain security

Application programming interfaces (APIs) have become indispensable to the modern enterprise. They're the glue that allows organizations to connect their partners and customers — and the go-to tool that empowers developers to produce innovative applications quickly and efficiently ...
NIST supply chain security guidance for CI/CD environments: What you need to know

The National Institute of Standards and Technology's new proposed guidelines for integrating software supply chain security into CI/CD pipelines have arrived at an opportune time for security teams, with attacks on the software supply chain increasing in volume and sophistication ...
EPSS vs. CVSS: Exploit prediction could change the game on software risk management

Security teams are faced with more alerts than they can handle. SecurityScorecard and the Cyentia Institute estimate that organizations fix only 10% of the vulnerabilities in their software each month. That's not a good outcome for software security — nor for overworked application security and security operations teams ...
NIST CSF 2.0: What it means for modern software supply chain risk management

The latest draft of the cybersecurity framework proposed by the National Institute of Standards and Technology is receiving kudos from information security professionals ...
20 application security pros you should follow

Keeping current with the latest developments in application security can be challenging and time-consuming. One way to make it less so is to have a go-to list of active online application security pros to follow who can keep you up to date on the latest security threats and trends, as ...
CISA's Secure by Design: Too much, too soon?

In April, the federal Cybersecurity and Infrastructure Security Agency (CISA) pledged to shift the balance of risk in software and technology products by prodding organizations to secure their technology wares by design and by default ...
Rust programming language progress report: New threat modeling, tools bolster supply chain security

The group dedicated to securing Rust — one of the hottest programming languages among development teams today, one embraced by Microsoft, Amazon, and the U.S. government — issued its first progress report last week ...