Existing security practices weren’t designed to tackle today's risks, CSA notes in new guide — making updating tooling essential. 

Researchers studied how well the top frameworks mitigate modern attack techniques. They found serious security gaps.

What does the future of AI security look like? The latest National Defense Authorization Act gives us a glimpse.

Here's why gaining visibility into supply chain threats — and adding controls for software risk — are essential to insurability.

A post-mortem by Trigger.dev shows that you need deep visibility and new application security controls to combat modern supply chain attacks.

The EU’s Cyber Resilience Act introduces a legal obligation for software producers to create, maintain, and retain an SBOM. Are you prepared?

NIST has broadened the scope of its Secure Software Development Framework to include the full SDLC. Here’s what you need to know about v 1.2.

Open-source platforms and developer tooling are targeted as AI coding ramps up risk. Here’s why it’s time to go beyond implicit trust. 

Here are the key guidelines, mandates, frameworks, and industry goals that refined software supply chain security policy in 2025.

ReversingLabs looked at last year’s report in the rear-view mirror. Here’s a retrospective with what the team got right — and wrong.

A months-long compromise of the popular source code editor underscores a diversification of attack methods. Here's why going beyond trust is key.

Here are the key takeaways CISOs and other security leaders should consider for their 2026 third-party cyber risk management (TPCRM) strategies.

Experts say legacy strategies and tooling can’t manage today’s commercial software threats. Here’s why binary analysis is necessary.

Here’s what you need to know about AI agents’ impact on software supply chain security — and what you can do to fight back. 

AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.

AI-generated code is a game changer — requiring embedded, AI-driven application security. Here’s why you need to fight fire with fire.

The tool is a step forward for managing AI coding risk — but it trips on modern supply chain threats because it looks only at source code.

The OpenClaw saga is a case study on the AI threat, demonstrating how it increases supply chain risk.

OWASP has adopted a new container security analyzer to slow information overload from tools. Here’s what you need to know.

Package URLs give software components an exact address to improve vulnerability matching, which reduces alert fatigue and simplifies compliance.