While 2FA and trusted publishing will help, you need tools that give visibility into how packages behave — not just who is publishing.

AI is producing code up to four times faster — but with 10 times more AppSec lapses. Here’s what you need to know to keep software safe.

Vibe coding is not going away — and the threat is real. But are developer tools like VibeSec that shift controls left up to the job?

The Continuous Threat Exposure Management model represents an evolution from CVSS. Here’s what you need to know.

Risk Rubric provides assessments for LLM transparency, reliability, security and more. But it’s only one tool in a comprehensive security tool box.

Google and others are inundating development teams with AI-powered reporting. Are AI-enabled fixes the answer? 

The Open Worldwide Application Security Project’s widely used AppSec priority list is expanding to cover systemic risk to software security.

Existing security practices weren’t designed to tackle today's risks, CSA notes in new guide — making updating tooling essential. 

Researchers studied how well the top frameworks mitigate modern attack techniques. They found serious security gaps.

What does the future of AI security look like? The latest National Defense Authorization Act gives us a glimpse.