5 ways APIs can be the weak link in supply chain security

Application programming interfaces (APIs) have become indispensable to the modern enterprise. They're the glue that allows organizations to connect their partners and customers — and the go-to tool that empowers developers to ...

NIST supply chain security guidance for CI/CD environments: What you need to know

The National Institute of Standards and Technology's new proposed guidelines for integrating software supply chain security into CI/CD pipelines have arrived at an opportune time for security teams, with attacks on the ...

EPSS vs. CVSS: Exploit prediction could change the game on software risk management

Security teams are faced with more alerts than they can handle. SecurityScorecard and the Cyentia Institute estimate that organizations fix only 10% of the vulnerabilities in their software each month. That's not ...

Threat modeling and the supply chain: An essential tool for managing risk across the SDLC

As organizations seek better ways to establish secure-by-design software, threat modeling can play a huge role in anticipating, avoiding, and planning for potential risks in software across all phases of the software ...

The art of security chaos engineering

One truism of the cybersecurity world is that attackers have a much easier job than defenders. Malicious cyber actors only need to find a single weak point in the IT armor defending ...

NIST CSF 2.0: What it means for modern software supply chain risk management

The latest draft of the cybersecurity framework proposed by the National Institute of Standards and Technology is receiving kudos from information security professionals ...

How ASPM Can Help with Software Supply Chain Security

Application security posture management (ASPM) aims to change the conversation and strategy around software supply chain security. Application portfolios are growing significantly, which is creating headaches for security teams that are responsible ...