Building an AppSec Program, AI Exploiting Vulns, Compliance as Code, Artifact Attestations
Shifting left!, Google lays off Python team, hardened container images, and more!
Korea fears AI supply chain, GitHub hosts malware, Microsoft AD account compromise, EPSS Predicts Exploitability, and Datadog's State of DevSecOps
CISA releases Next-Gen Malware Analysis, Sisense's Security Slip-Up, Debating SAST's Value, Secure Defaults!
Neglecting the National Vulnerability Database: A Flaw We Can't Afford
Top 10 threats for 2030, End-of-life containers can mean 400+ CVEs per year, A review of zero-day in-the-wild exploits, and more!
xz/liblzma backdoor, PyPI suspends user registrations, OSV-Scanner offers guided remediation, and Chief AI Officers
Semgrep Assistant, GitHub Copilot, Active Exploitation Targeting the Ray AI Framework, Stay Safe from Repo-Jacking, and more!
Manager admits to SIM Swapping, GitGuardian State of Secrets, Comparing Dependabot/Semgrep/Snyk
Ex-Google Software Engineer Charged, Secure Software Development Attestation Form, NVD vulnerability reviews on pause