
CISA’s secure software deployment push: Key takeaways for AppSec teams
In July, a botched software update by CrowdStrike led to millions of Windows systems crashing worldwide, resulting in $10 billion in financial damage, by some estimates. Recent guidance released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Australian Signals Directorate aims at preventing another such ...

OWASP Top 10 for LLM and new tooling guidance targets GenAI security
New guidance for organizations seeking to protect the generative AI tools they're running has been released by the OWASP Top 10 LLM Applications Security Project ...

NIST’s NICE: 3 ways to adapt the hiring framework for modern threats
The National Initiative for Cybersecurity Education's cybersecurity hiring framework may be a good place to start when putting together a solid security team. However, some changes are needed for NICE to equip teams with the knowledge, skills — and distinct roles — to enhance your software supply chain security (SSCS) ...

OWASP’s Dependency-Check tool update: Key changes — and limitations
The Open Web Application Security Project (OWASP) has released a new version of its dependency-check tool, which can identify known vulnerabilities in third-party software components, measure and enforce policy compliance, respond to identified vulnerabilities, prioritize vulnerability mitigation, triage findings and policy violations, and produce a CycloneDX-based software bill of materials ...

AI and cybersecurity: Modernize your SecOps to tackle today’s threats
Much has been written about the threats artificial intelligence (AI) can pose to an organization's security, but the technology can be transformative for security teams as well, helping them tackle the key challenges they face. In recent keynote speeches at BSides and RVAsec, Caleb Sima, chair of the Cloud Security ...

Modernize your cybersecurity skills: Top certifications to pump up your career
A host of new cyberthreats (many targeting the software supply chain, for example) and burgeoning technologies (AI, anyone?) have increased organizations' cyberattack risks — and spurred the creation of new professional certifications to foster the skills needed to meet those challenges. But which skills are in the most demand? ...

Modernize your chaos engineering with commercial software transparency
While surprise is a major advantage in battle, it's a nightmare for application security (AppSec) teams. That's why they turn to chaos engineering. It introduces controlled failures into systems to identify vulnerabilities and build up the organization's resiliency. Simulating real-world attacks and disruptions lowers the risk of surprise, addresses potential ...

SBOMs and your org: Go beyond checkbox security to manage risk
Software bills of materials (SBOMs) have moved to the forefront of the battle to protect software pipelines, advanced by heightened awareness of the need for software supply chain security, as well as a nudge from the federal government and industry standards bodies. However, creating SBOMs needs to be more than ...

Supply chain risk makes software stack visibility essential
Visibility into the software that organizations and their suppliers use has become a cornerstone of supply chain security. That's the bottom line from a recent panel discussion among experts at a webinar sponsored by the IT GRC Forum, which focuses on governance, risk management, and compliance. ...