The NVD does not tell the full story. Attacks on open source components and repositories are surging. Here's why the NVD — and your software security approach — needs to be modernized. Plus: Download the full NVD Analysis 2022 report.
Lots happened in Vegas last week. Most of it should have stayed in Vegas. But some of it bears digging out from piles of mediocre nonsense.
There have been countless warnings on the high probability of attackers targeting critical infrastructure, Zetter argues. The problem: The gap between best security practices and the industry's actual practices.
ConversingLabs' Paul Roberts chatted with researchers Iain Smart & Viktor Gazdag of NCC Group about their research into attacks on CI/CD pipelines.
ConversingLabs chatted with Black Hat Speaker Patrick Wardle, who joined us to talk about unauthorized algorithm use.
GitHub updated guidance on using its Copilot AI-powered code bot after researchers demonstrated at Black Hat that it often generates vulnerable code.
Krebs argued the community needs to analyze these four factors to answer the question of where this industry is going: technology, bad actors, government, and people.
New on ConversingLabs: ReversingLabs' Paul Roberts discusses Adam Shostack's talk at Black Hat.
Black Hat is set to return next week with two years of pent up cybersecurity research and discoveries. Here are the talks you don't want to miss.
Black Hat is best known for hardware and traditional software exploits, but this year it showcases more software supply chain security issues—marking the shift in the threat landscape.
Come by our booth and get yourself a limited edition secure.software T-shirt!
Grab some cool stickers from our booth featuring Armando, the secure.software armadillo.
