Please turn on your JavaScript for this page to function normally.
Karl Mattson
Tackling software vulnerabilities with smarter developer strategies

In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers how developers can …

Henrik Plate
Detecting vulnerable code in software dependencies is more complex than it seems

In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within …

open source
Trends and dangers in open-source software dependencies

A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are …

Infosec products of the month
Infosec products of the month: August 2024

Here’s a look at the most interesting products from the past month, featuring releases from: Adaptive Shield, AppOmni, ArmorCode, Bitwarden, Cequence Security, ClearSale, …

Infosec products of the week
New infosec products of the week: August 9, 2024

Here’s a look at the most interesting products from the past week, featuring releases from: Rapid7, AppOmni, Contrast Security, Elastic, Cequence Security, Veza, ArmorCode, …

HNS
Endor Labs launches Upgrade Impact Analysis and Magic Patches for SCA market

Endor Labs unveiled two capabilities, Upgrade Impact Analysis and Endor Magic Patches, that fix an expensive and time-consuming problem in the Software Composition Analysis …

shadow egineering
Shadow engineering exposed: Addressing the risks of unauthorized engineering practices

Shadow engineering is present in many organizations, and it can lead to security, compliance, and risk challenges. In this Help Net Security video, Darren Meyer, Staff …

open source
New open-source project takeover attacks spotted, stymied

The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils …

supply chain
Integrating software supply chain security in DevSecOps CI/CD pipelines

NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, …

Curl
Be prepared to patch high-severity vulnerability in curl and libcurl

UPDATE (October 11, 2023, 07:15 a.m. ET): Curl v8.4.0 is out and fixes both CVE-2023-38545, a SOCKS5 heap buffer overflow vulnerability and CVE-2023-38546, a cookie injection …

HNS
Endor Labs raises $70 million to expand into other areas of code and pipeline security

Endor Labs raises $70 million in oversubscribed Series A financing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, Section 32, and over 30 …

large language models
LLMs and AI positioned to dominate the AppSec world

As modern software trends toward distributed architectures, microservices, and extensive use of third-party and open source components, dependency management only gets harder, …

Don't miss

Cybersecurity news