CISA cybersecurity performance goals: 7 action items to boost your AppSec
The agency's new IT Sector-Specific Goals (SSGs) for application security aim to keep Secure by Design going strong. Here are the top action items.
AppSec & Supply Chain Security
CISA cybersecurity performance goals: 7 action items to boost your AppSec
Get real about container security: 4 essential practices to manage risk
Here are key practices you must implement to protect container workloads — and new controls needed for all software — in the age of supply chain security.
Secure by Design and Secure by Default: You need both to boost AppSec
When it comes to these two security approaches advanced by CISA for locking down your application security, it's not an either/or proposition. Here's why.
OWASP tackles AI security with new NHI Top 10: What you need to know
Identity management is key for security, but AI is bringing a lot more non-humans into the mix. The OWASP list calls attention to this. Here are the top takeaways.
AppSec & Supply Chain Security | January 28, 2025 AI is a double-edged sword: Why you need new controls to manage risk
AI can improve cybersecurity outcomes, but it also represents an entirely new threat. Upgrade your security strategy — and tooling — for the AI age.
BSIMM15 shines light on compliance and AI security
The report emphasizes traditional AppSec practices — but those are no match for new threats from AI/ML. Here's what you need to know.
Going beyond 'shift left': Why shared responsibility is key to risk management
AppSec experts and software risk managers say doing security checks earlier isn't enough. Here's why — and what else organizations should do.
Census III study spotlights ongoing open-source software security challenges
The study, from the Linux Foundation, OpenSSF, and Harvard, highlights key open-source risk areas. Here's what you need to know.
SEC cybersecurity disclosures and lessons to be learned: A timeline
Here’s what the 2024 8-K security-incident filings are all about, lessons to be learned — and the bigger picture for cybersecurity.
U.K. cybersecurity chief warns of gap between risks and defenses
The new NCSC lead warned that cybersecurity risk is 'widely underestimated.' But experts say AI could close the gap — if the industry comes together.
SEC action raises the bar on software transparency
Four firms have been fined for playing down how the SolarWinds attack impacted them. It’s part of a government push for greater supply chain transparency.
AI-based fuzzing targets open-source LLM vulnerabilities
Google researchers using OSS-Fuzz have identified 26 vulnerabilities, but experts warn that AI fuzzing is not a panacea for AI/ML security.
The state of AppSec tooling: Step up to modern software security
Organizations are struggling with outdated tools. Here's what you need to know about modernizing your AppSec tooling for today's supply chain threats.
Why shift left alone can't manage your software risk
The state of application security was on the agenda at the Elephant in AppSec Conference. One clear takeaway: Modern threats demand an all-in approach.
Software liability gets real: 5 ways to get ahead of the EU's new directive
Here's what your organization needs to know about the Product Liability Directive — and how to avoid any slip-ups.