Application Security
Application Security | News, how-tos, features, reviews, and videos
SolarWinds creates new software build system in wake of Sunburst attack
Lessons learned from software supply chain breach lead to innovative and secure development scheme.
Sysdig Secure update adds ability to stop container attacks at runtime
Sysdig's Drift Control detects and stops attempts to run packages or binary files that were added or modified at runtime.
Security startup Cerby debuts with platform to manage shadow IT
The Cerby system automates and streamlines the detection and protection of "unmanageable" applications, providing a platform that centralizes application enrollment, access and monitoring.
Open-source software risks persist, according to new reports
Companies are still struggling to gain confidence in the security of their open-source projects, but shifting security earlier in the development process shows promise.
Palo Alto adds out-of-band web application security features to Prisma Cloud
Vendor says new updates will help organizations better monitor and secure web applications without impacting performance.
How the Secure Software Factory Reference Architecture protects the software supply chain
This breakdown of the Cloud Native Computing Foundation's secure software factory guidance focuses on software provenance and build activities.
The CSO guide to top security conferences, 2022
Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.
For one software maker, an SBOM adds value to the product
At Instant Connect, an SBOM has become part of the product offering, says Chief Product Officer Wes Wells.
Software supply chain security fixes gain prominence at RSA
Attendees are urged to improve asset management, use SBOMs, and collaborate with government cybersecurity agencies to better ensure software integrity.
Sigstore explained: How it helps secure the software supply chain
The free sigstore signing service helps developers establish provenance and integrity of open-source software.
The Open Source Software Security Mobilization Plan: Takeaways for security leaders
The plan from the Linux Foundation and OpenSSF presents three goals to improve open-source software security during development and more effectively address vulnerabilities.
New Mend service auto-detects and fixes code, app security issues
Mend, formerly WhiteSource, announces new service designed to detect and fix code security issues, reduce the software attack surface and application security burden.
Google to launch repository service with security-tested versions of open-source software packages
The paid Assured Open Source Software service will offer common open-source packages after vetting the provenance of its code and dependencies.
Rezilion launches Dynamic SBOM for software supply chain devsecops
Rezilion’s new Dynamic SBOM (software bill of materials) works with its devsecops platform and is designed to help security teams understand how software components are being executed in runtime.
Progress launches Chef Cloud Security to extend DevSecOps to cloud-native assets
The software provider has also enhanced its underlying security and compliance mechanism Chef InSpec with new features.
7 top software supply chain security tools
These tools will help identify vulnerabilities and threats posed by third-party code through software composition analysis and SBOM creation.
23 DevSecOps tools for baking security into the development process
Catch and remediate application vulnerabilities earlier and help integrate security in the development process with these five categories of DevSecOps tools.