The Cybersecurity and Infrastructure Security Agency (CISA) and federal intelligence agencies have released guidance titled Securing the Software Supply Chain for Developers.

In a new podcast episode, Erez Yalon, Vice President of Security Research at Checkmarx, talks how security leaders can avoid common cybersecurity mistakes in their organizations.

Now more than ever, it’s important to instill trust in the software supply chain. Code signing can help organizations ensure the security of their software supply chain.

DevSecOps, a software engineering philosophy that integrates security and development, can aid enterprise cybersecurity efforts.

Application security remains a wide attack vector for cybercriminals, but cybersecurity leaders can use tools to better detect vulnerabilities in their applications and software supply chains.

The majority (95%) of organizations have experienced an API security incident in the past 12 months, according to Salt Security’s Salt Labs State of API Security Report, Q1 2022.

How and when security measures are integrated into application development can greatly change the vulnerability level of software. Compare two cybersecurity strategies: DevSecOps and SecDevOps to see which makes more sense for your organization.

Organizations are moving to multi-cloud environments in droves, largely because the cloud is fast, agile and powerful. But is it secure? Inherently — no.  

Where does the responsibility for code vulnerabilities lie, and how can cybersecurity leaders address these vulnerabilities? Find tools for determining the security of code and mitigating cyber risk in your organization.

Incidents tend to happen at the seams and cracks of your organization, where the automation is incomplete, observability is not omniscient, and humans are still in the loop. Our blind spots are constantly evolving, and we must update our mental models of how to approach security accordingly.