Supply chain shortages create a cybersecurity nightmare
The White House has recently issued alerts noting that many manufacturers suffer from disrupted supply chains, and rebuilding supply chains is a major priority. Some analysts …
Low code applications are essential for cybersecurity development in applications
One of the biggest changes to the cybersecurity landscape is that developers are now often expected to implement security directly into the applications they’re building as …
Code review: How satisfied are development teams?
Code review remains the biggest influence on improving code quality with unit testing a distant second, a SmartBear survey reveals. With development teams getting larger and …
Open-source code: How to stay secure while moving fast
Open source has transformed the software world, tremendously reducing the cost of introducing new technology by enabling broad reuse across products and industries. However, …
Software supply chain attacks jumped over 300% in 2021
Software supply chain attacks grew by more than 300% in 2021 compared to 2020, according to a study by Argon Security. According to the study, researchers discovered attackers …
Delivering vulnerable signed kernel drivers remains popular among attackers
ESET researchers took an in-depth look into the abuse of vulnerable kernel drivers. Vulnerabilities in signed drivers are mostly utilized by game cheat developers to …
Shifting security further left: DevSecOps becoming SecDevOps
Veracode has revealed usage data that demonstrates cybersecurity is becoming more automated and componentized in line with modern software architectures and development …
How to implement security into software design from the get-go
Software professionals know that the working relationship between developers and security teams can be complicated. Most security professionals feel it’s part of a …
Putting the “sec” in DevSecOps: An overall reduction of risk
In this Help Net Security interview, Cindy Blake, Senior Security Evangelist at GitLab, talks about the importance of integrating security in DevSecOps and how to overcome the …
Securing open-source code supply chains may help prevent the next big cyberattack
The headline-making supply chain attack on SolarWinds late last year sent a shock wave through the security community and had many CISOs and security leaders asking: “Is my …
What is wrong with developer security training?
“Turn a developer into a hacker” is a commonly heard call. There are many online courses and trainings that ostensibly teach developers how to write code that’s …
Increasing speed of vulnerability scans ultimately increases security fixes overall
Next-generation static application security testing (SAST) and intelligent software composition analysis (SCA) can increase the speed of vulnerability scans and narrow their …