The push to create more reliable and mature BOMs, with sufficient detail and depth to counter supply chain attacks, continues to advance with the latest OWASP model.
The soon-to-be-released scoring system update has promise, but challenges remain for it to deliver exactly what CISOs need to get ahead of the latest vulnerabilities.
The third iteration of the Exploit Prediction Scoring System helps security teams prioritize vulnerabilities through prediction.
The US National Security Agency and CISA have published a set of guidelines to help secure systems from access- and identity-based threats. Here’s what to look for in this wide-ranging document.
The Relational Database Service from AWS can help streamline a host of cloud storage operations, but maintaining security requires some attention on the part of the user. Here are some best practices for using RDS.
The Exploit Prediction Scoring System has its shortcomings, but it can complement CVSS to help better prioritize and assess vulnerability risk.
An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safe
The U.S. NSA, CISA and ODNI created the Securing the Software Supply Chain guide to focus on the software development lifecycle.