The threat model that DevSecOps teams have been working from for the last decade was built around accidental vulnerabilities — mistakes that needed to be found and fixed before someone exploited them. That assumption is breaking. Vulnerabilities are increasingly being treated as strategic assets, stockpiled by nation-states and threat actors and held back from disclosure […]
Tackling the DevSecOps Gap in Software Understanding
When I first read the recent article from CISA titled “Tackling the National Gap in Software Understanding,” I had the same reaction I imagine many of you did: Well, of course this is necessary. Who in their right mind doesn’t want better visibility into the software used in our most mission-critical systems? But then I […]
RunSafe Security Extends Platform Reach to Build More Accurate SBOMs
RunSafe Security this week added an ability to generate a software bill of materials (SBOM) based on the code actually included in an application before it is deployed in a production environment.
Survey Surfaces Software Supply Chain Security Gains
A survey of 106 leaders and practitioners involved in software supply chain security finds more than three-quarters of respondents (76%) work for organizations that have made software supply chain security a significant or top (24%) priority.
Survey Surfaces Lots of Software Supply Chain Insecurity
A global survey of 900 application security professionals finds nearly two-thirds work for organizations that have had their software supply chains compromised in the past two years.
CISA, NSA Issue Supply Chain Security Guidance Report
The NSA, ODNI and CISA have issued guidance to assist software developers and suppliers in shoring up software integrity and security.
Technical Debt: Don’t Buy Buzzwords
Buying into the ‘next big new shiny thing’ only increases your technical debt. Don MacVittie advises only buying what’s necessary.
The Role of SBOMs in Software Supply Chain Security
The software supply chain has become increasingly complex and dynamic with the rise of cloud computing, open source software and third-party software components and APIs. Widespread damage can occur if third-party APIs, cloud services, SDKs and open source software have security flaws. As a result, software supply chain security has emerged as a critical concern […]
A DevOps Guide to the Language of DevSecOps
Security is increasingly important for DevOps due to the growing complexity of applications and the accelerated pace of development. As organizations adopt DevOps practices, they face new challenges in securing applications and infrastructure: Increased complexity and automated processes: With automation at the core of DevOps, processes and applications are more intricate. This can introduce vulnerabilities […]
Lineaje Unfurls Platform for Creating and Managing SBOMs
Lineaje this week unfurled a platform for creating and managing the software bills of materials (SBOMs) that are increasingly mandated by enterprise IT organizations and government agencies. Fresh from raising $7 million in seed funding, Lineaje CEO Javed Hasan said the SBOM360 platform provides a simpler way to manage all the SBOMs that will soon […]