software development
Software supply chain attacks jumped over 300% in 2021
Software supply chain attacks grew by more than 300% in 2021 compared to 2020, according to a study by Argon Security. According to the study, researchers discovered attackers …
Cultivating a security-first mindset for software developers
There is a “great cyber security awakening” happening across companies. Right now, we need a fundamental new approach to development, so we are not constantly firefighting. …
Need to improve application security? Reduce friction between developers and security teams
Tromzo has released the findings from their report, based on a survey of 403 US-based application security practitioners who work at organizations where their development team …
Shifting security further left: DevSecOps becoming SecDevOps
Veracode has revealed usage data that demonstrates cybersecurity is becoming more automated and componentized in line with modern software architectures and development …
How to implement security into software design from the get-go
Software professionals know that the working relationship between developers and security teams can be complicated. Most security professionals feel it’s part of a …
The threats of modern application architecture are closer than they appear
Modern applications and software have evolved as the transition to the cloud was accelerated by widespread digital transformation, as enterprises of all sizes made heavy …
Putting the “sec” in DevSecOps: An overall reduction of risk
In this Help Net Security interview, Cindy Blake, Senior Security Evangelist at GitLab, talks about the importance of integrating security in DevSecOps and how to overcome the …
Securing open-source code supply chains may help prevent the next big cyberattack
The headline-making supply chain attack on SolarWinds late last year sent a shock wave through the security community and had many CISOs and security leaders asking: “Is my …
Malicious Python packages employ advanced detection evasion techniques
JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over …
Lack of API visibility undermines basic principle of security
One of the oldest principles of security is that you cannot secure what you cannot see. Visibility has always been the starting place for monitoring and protecting attack …
GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts
GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. About the fixed …
Illuminating the path: Compliance as the key to security-by-design
Like taxes or going to the dentist, compliance is one of those topics that people often don’t like to contemplate. There are many reasons for the distaste but this …
Featured news
Resources
Don't miss
- 48,000+ internet-facing Fortinet firewalls still open to attack
- Acronis CISO on why backup strategies fail and how to make them resilient
- Ransomware attackers are “vishing” organizations via Microsoft Teams
- Scam Yourself attacks: How social engineering is evolving
- Addressing the intersection of cyber and physical security threats