A survey found only 20% of IT and security professionals are confident in their ability to detect a vulnerability before an app is released.
Vulnerability Management for DevOps Teams: A Practical Guide
The goal of vulnerability management is to close the gap between discovery and resolution, thereby minimizing the window of opportunity for potential cyberattacks.
Lineaje Unfurls Platform for Creating and Managing SBOMs
Lineaje this week unfurled a platform for creating and managing the software bills of materials (SBOMs) that are increasingly mandated by enterprise IT organizations and government agencies. Fresh from raising $7 million in seed funding, Lineaje CEO Javed Hasan said the SBOM360 platform provides a simpler way to manage all the SBOMs that will soon […]
What Developers Need for Software Security Success
Given today’s evolving threat landscape, organizations and businesses in every sector now have a critical need to produce secure software. Criminal gangs, professional attackers and hostile nation-states are employing advanced tactics designed to exploit any vulnerabilities in programs, applications, networks and even raw code. Attackers are constantly finding new ways to bypass even the most […]
GitHub Brings 2FA to JavaScript Package Manager
GitHub has made generally available a two-factor authentication tool for the package manager for JavaScript applications maintained by its NPM, Inc. arm. In addition, all npm packages have been re-signed and there is now an npm command line interface (CLI) command to audit package integrity. Finally, GitHub has added the ability to connect GitHub and […]
The Age of Software Supply Chain Disruption
The software supply chain is swiftly becoming a widespread attack vector, and securing it is now in the spotlight. Software supply chain attacks have become a given in 2022, reports Darktrace. SolarWinds, Kaseya and GitLab are just a few examples of organizations that have been vulnerable to attack in recent years. We’ve also witnessed an increasing […]
One Year Out: What Biden’s EO Means for Software Devs
It has been just over a year since President Biden issued Executive Order 14028 (EO) to improve the nation’s cybersecurity posture. Despite the Log4j vulnerability and a worldwide increase in ransomware attacks, this EO signaled a major step in improving software security at federal agencies and establishing cybersecurity as a priority for the U.S. government. […]
Codenotary Adds SLSA Framework Support to Advance App Security
Codenotary this week announced it has integrated support for the Supply-Chain Levels for Software Artifacts (SLSA) framework in its free notarization and verification service for ensuring the integrity of code. Moshe Bar, Codenotary CEO, said that, as the first application security platform to attain SLSA compliance, the company is making it easier for organizations to […]
Secure Software Summit Series: Focus on Preventative Readiness
The connected world economy and the COVID-19 pandemic forced companies to accelerate digital transformation. Sophisticated cybercriminals have seized this forced acceleration to lay the groundwork for cyberwarfare. In reaction to recent attacks ranging from the SolarWinds breach to the recent Log4Shell exploits, many companies have quickly isolated and patched their systems. However, these reactive fixes […]









