Axios: How AppSec teams should respond
Here's a mitigations checklist and best practices. Plus: How RL’s xBOM and Spectra Assure Community can help.
AppSec & Supply Chain Security
Axios: How AppSec teams should respond
How JPMC tackles software ‘trust debt’
JPMorgan Chase CISO Patrick Opet discussed his letter on third-party software risk — and how that has played out.
GenAI Security Project ramps up guidance
With AI ramping up risk, OWASP stepped up its project to help AppSec teams get up to speed — and take action.
AppSec as attacker: Inside Trivy–LiteLLM
The perimeter isn't your firewall — it's your CI/CD pipeline. Here’s what to know about TeamPCP's supply chain attack.
Decouple SIEM data to reshape your AppSec
Shift to a data security pipeline platform to get software visibility that modern supply chain threats demand.
How AI agents can weaponize IDEs
Research shows that AI coding can tap integrated development environments to become privileged insider threats.
OpenClaw lesson: AI agents are a black hole
AI agents create novel attack surfaces and control issues that require rethinking assumptions — and AppSec tooling.
OWASP adopts DockSec: Why it matters
OWASP has adopted the container security tool to slow information overload. Here’s what you need to know.
OpenClaw and AI risk: 3 AppSec lessons
The OpenClaw saga is a case study on the threat from agentic AI, showing how it increases software risk.
Claude Code Security: The pros and cons
The new tool is a step forward on AI coding risk — but it trips on modern threats because it looks only at source code.
AI-native AppSec: What it is — and why it matters
AI coding is a game-changer — and requires AI-powered application security to fight fire with fire.
BSIMM16 confirms: AI redefines AppSec
AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.
How AI agents upend supply chain security
Here’s what you need to know about their impact on software security — and what you can do to fight back.
Commercial software risk: New controls required
Legacy strategies and tooling can’t manage today’s software threats. Here’s why binary analysis is necessary.
Gartner® CISO Playbook for Commercial SSCS: 3 key insights
Here are the takeaways CISOs and other security leaders should consider for their TPCRM strategies.