Securing open-source code supply chains may help prevent the next big cyberattack

The headline-making supply chain attack on SolarWinds late last year sent a shock wave through the security community and had many CISOs and security leaders asking: “Is my software supply chain secure?” After months of analysis, we know that many (som…

Increasing speed of vulnerability scans ultimately increases security fixes overall

Next-generation static application security testing (SAST) and intelligent software composition analysis (SCA) can increase the speed of vulnerability scans and narrow their scope to highlight reachable issues, a ShiftLeft report reveals. This ultimate…

The destructive power of supply chain attacks and how to secure your code

In this Help Net Security podcast, Tomislav Peričin, Chief Software Architect at ReversingLabs, explains the latest and most destructive supply chain attacks, their techniques and how to build more secure apps. Here’s a transcript of the podcast for yo…

An Optimisation Story: Building a Code Scanner for Large Golang Apps

This post will shed some light on how we were able to optimise one of our frontends, reducing the typical project’s run time by half. We’ll also take a look at some of the pitfalls we encountered and how we can apply our changes to other projects as we…

Most third-party libraries are never updated after being included in a codebase

79% of the time, third-party libraries are never updated by developers after being included in a codebase – despite the fact that more than two thirds of fixes are minor and non-disruptive to the functionality of even the most complex sof…

Data teams are discovering the benefits of automation and flexible coding

Ascend.io announced results from its research study about the work capacity and priorities of data teams, including data analysts, data scientists, data engineers, and enterprise architects. Conducted in Q2 2021, findings from more than 400 U.S.-based …

Enhancing cyber resilience: What your team needs to know

In the wake of malicious attacks, we often witness everyone focusing on searching for those responsible, as opposed to how or why the attack took place and the most critical lessons that we can learn as a result. This line of thinking is wrong and here…

A leadership guide for mitigating security risks with low code platforms

The low code market continues to grow, increasingly finding adoption for more diverse and serious applications among enterprises and independent software vendors (ISVs). The lingering question of application code security follows, as stories of securit…

The basics of security code review

With staffing ratios often more than 200 developers for every AppSec professional, scaling security requires increasing the developer’s engagement in securing the product. To do that, developers must be responsible for the security of the code they wri…

University of Minnesota researchers fail to understand consent

You’d think with all the recent discussion about consent, researchers would more carefully observe ethical boundaries. Yet, a group of researchers from the University of Minnesota not only crossed the line but ran across it, screaming defiantly t…