IT Security
OpenSSF warns of Open Source Social Engineering Threats
Linux dodged a bullet. If the XZ exploit had gone undiscovered for only a few more weeks, millions of Linux systems would have been compromised with a backdoor. We were lucky. But ...
Securing Open Source Software, the Cyber Resilience Act Way
The Eclipse Foundation is spearheading an effort to create a unified framework for secure software development ...
Your AI Might be Lying to You
Simple tests can demonstrate whether a code generator is actually doing what you ask ...
AISecOps: Expanding DevSecOps to Secure AI and ML
AISecOps, the application of DevSecOps principles to AI/ML and generative AI, means integrating security into models' life cycles ...
Cycode Acquires Bearer to Extend ASPM Platform
Cycode has acquired Bearer, a provider of a set of tools for SAST, API discovery and identification of sensitive data ...
Survey Sees Limited DevSecOps Progress Being Made as Vulnerabilities Mount
A recent survey found that, on average, organizations have 55.5 security vulnerabilities each day in their remediation queue, with at least one critical ...
Securing the DevOps Pipeline: Tools and Best Practices
Because of the critical nature of the DevOps pipeline, security is becoming a top priority. Here's how to integrate DevSecOps ...
Why DevOps is Key to Software Supply Chain Security
Organizations can maintain their DevOps momentum while protecting the software supply chain by shifting security left ...
Cycode Brings Generative AI to App Security Posture Management
Cycode's generative AI capabilities in its ASPM platform make it simpler for DevSecOps teams to identify the root cause of vulnerabilities ...
ReversingLabs Applies AI to Better Secure Application Binaries
ReversingLabs launched a binary analysis tool that uses machine learning algorithms to identify risks before and after apps are deployed ...
Veracode Report Shines Spotlight on Massive Application Security Debt
In an analysis of more than a million applications, Veracode found 42% contained flaws that remained unfixed for longer than a year ...
Squaring the Circle: How to Make Public APIs Private
Many API attacks are effectively zero-day, novel attacks that exploit recent and unique changes to specific APIs. Here's how to stop them ...