Security | News, how-tos, features, reviews, and videos
CISOs are still hampered by bad assumptions and outdated approaches. They should be involved in decisions from day 1 to address unique business needs.
VC-backed up-and-comers zero in on devsecops, the software supply chain, and securing the software development life cycle.
GitHub Artifact Attestations, based on Sigstore, signs and verifies the integrity of software artifacts in GitHub Actions workflows.
It seems to be fair game now to label cloud security as risky even though your data is likely safer there than on-premises.
A new managed signing service on Azure offers low-cost, low-touch code signing with integration into GitHub Actions.
State of DevSecOps report finds 90% of Java services susceptible to vulnerabilities in third-party libraries.
How the CAKES stack, centered on Kubernetes, addresses API, networking, security, and compliance challenges while speeding up delivery and lowering costs.
Rust 1.77.2 point release addresses a critical vulnerability affecting Windows deployments.
Black Duck Supply Chain Edition promises to identify open source dependencies and resolve security, quality, and license compliance risks.