OWASP has updated its Top 10 list with key risk areas, and recently added an AppSec tooling guide for AI. Here's what they cover — and what they don't.
Read More about OWASP Top 10 for LLM adds risks: Get on target to secure your AI models
To avoid the next CrowdStrike fiasco, CISA and other agencies recommend embracing safe deployment practices earlier in the SDLC. Here's what you need to know.
Read More about CISA's secure software deployment push: Key takeaways for AppSec teams
Here's why and how to push your application security further into ProdSec — and what that means to achieving the goals of CISA's Secure by Design.
Read More about AppSec vs. product security: Secure by Design demands a strategy shift.webp&w=3840&q=75)
Researcher Alon Leviev warns that the Microsoft Windows compromise posed risks that were structural — stretching well beyond the specific flaws.
Read More about Downgrade attacks open patched systems to malware
Here's what you need to know about connected car security initiatives — and key lessons more broadly from software supply chain security's rough ride.
Read More about Connected car security: Software complexity creates bumps in the road
Operationalizing Third-Party Software Risk Management with Spectra Assure
Read More about CISO Survival Guide: Commercial Software Supply Chain Risk
A multilayered approach to prevent secrets exposure is good strategy — but it must include a final check on all software before it goes out the door.
Read More about Keep your secrets secret: 5 core tips — and a call to action on modernizing
Here's what you need to know about the version 4.12.0 update — and about managing risk from your software, whether it's open source or not.
Read More about OWASP's Dependency-Track tool update: Key changes — and limitations
Chris Romeo shares five key ways to merge modeling with modern software supply chain security — and improve your software risk management in the process.
Read More about Threat modeling and binary analysis: Supercharge your risk strategy
Chris Romeo shares five key ways to merge modeling with modern software supply chain security — and improve your software risk management in the process.
Read More about Threat modeling and binary analysis: Supercharge your risk strategy
Don't just roll the dice with commercial software risk. Here are key lessons from recent attacks for your security team.
Read More about 5 commercial software attacks — and what you can learn from them
With the threat landscape shifting, boosting your market value requires choosing the right certs. Here's what you need to know.
Read More about The best cybersecurity certifications to level up your skills
When developing software there are three options: good, fast, and cheap. But you can only pick two. Here's what that reality means for commercial software risk.
Read More about ‘Good, fast, cheap... Pick two’: Software quality dilemma forces risky decisions
By leveraging modern supply chain security, you can develop better chaos engineering with deeper visibility into all software. Here are key considerations.
Read More about Modernize your chaos engineering with commercial software transparency
The Cybersecurity and Infrastructure Security Agency held its semiannual workshop on software bills of materials recently. Here's what you need to know.
Read More about CISA SBOM-a-rama: 4 key takeaways for software security teams