DoD’s Software Fast Track (SWFT) program steps up supply chain risk management via procurement. Here's what you need to know.

Here’s how to achieve crypto-agility and secure your software supply chain with ReversingLabs Spectra Assure’s Cryptography Bills of Materials (CBOM).

Here’s how to achieve crypto-agility and secure your software supply chain with ReversingLabs Spectra Assure’s Cryptography Bills of Materials (CBOM).

Software procurement is risky business. Learn why outdated tooling doesn’t cut it — and how modern technologies can provide much-needed transparency.

Learn how Third-Party Software Risk Management (TPSRM) builds on TPRM and TPCRM to protect against supply chain attacks and software-based threats.

Agentic AI is a different animal for application security red teams. Here's are key takeaways from the Cloud Security Alliance's new guide.

EU steps up to fill gaps caused by problems with the NVD and CVE — at a time when software risks are on the rise. Here's what you need to know.

Triaging and patching, plus meeting compliance demands, all bog down modern software teams — and divert time away from development.

The software supply chain incident highlights how quickly threat actors can turn newly revealed vulnerabilities into widespread attacks.

Policy as Code is emerging as a key area of focus for application security teams in the age of cloud-native software development. But implementation can be daunting.

The new AI Vulnerability Scoring System (AIVSS) picks up where the Common Vulnerability Scoring System (CVSS) falls short.

Application security pros need to be ready to cope with security at the speed of code. Here's how to get a handle on modern software risk.

Here's how to integrate AI-specific risks into your existing security incident response (IR) playbook.

Scott Culp’s formulation still holds true — though some additions are needed that account for software supply chain security. 

Integrated security in AI assistants could help to catch code flaws — but they are only one layer in a comprehensive AppSec strategy.

Here are six lessons learned from the near-miss that was the Amazon Q Developer incident. Don't let luck be your security strategy.

ESET researchers have discovered malware that taps into OpenAI’s large language model to assist in ransomware attacks.

With attacks on popular repositories on the rise, PyPI has moved to head off a common technique for duping developers. Here’s what it accomplishes — and where there’s room for improvement.

Software Supply Chain Security, Threat Intelligence, and Threat Analysis Solutions

A campaign against top maintainers implanted malware in open source packages with more than 2 billion monthly downloads. The target: crypto wallets.