#SecureDevelopmentLifecycle

Understanding Security’s New Blind Spot: Shadow Engineering

by

June 6, 2024 at 10:02AM Summary: Citizen developer applications, enabled by low-code/no-code technology, pose security risks known as “shadow engineering.” Despite potential benefits, these apps bypass traditional security measures, leaving organizations vulnerable. To mitigate risks, applying traditional security principles to these apps, empowering citizen developers, enforcing compliance, and regular monitoring are crucial. Based on the … Read more

In the rush to build AI apps, please, please don’t leave security behind

by

March 17, 2024 at 07:08AM AI developers and data scientists are urged to be mindful of security and supply-chain attacks amidst the relentless progress in AI technology. With a growing threat of malware in models and libraries, cybersecurity and AI startups are emerging to address the vulnerability. Ensuring supply-chain security in the AI community is … Read more

Software Supply Chain Security Startup Kusari Raises $8 Million 

by

January 18, 2024 at 10:00AM Kusari, a software supply chain security startup, has secured $8 million in pre-seed and seed funding led by J2 Ventures and Glasswing Ventures, with support from Unusual Ventures. Founded by members of OpenSSF and CNCF, Kusari aims to provide transparency in the software supply chain with its GUAC tool, reducing … Read more

CISA Debuts ‘Secure by Design’ Alert Series

by

November 30, 2023 at 06:06AM The US cybersecurity agency CISA launched Secure by Design (SbD) alerts, encouraging software manufacturers to build products with proactive security measures to mitigate vulnerabilities, particularly in web management interfaces. The new alerts focus on vendor practices that can globally reduce harm, emphasizing the need for default security features, customer security … Read more

Ex-Cybersecurity Adviser to Bush, Obama Weighs in On Current Admin

by

November 29, 2023 at 06:33PM Former White House Cybersecurity Chief Melissa Hathaway, active in cybersecurity policy advisory, comments on the evolving digital threat landscape. She highlights ransomware sophistication, third-party supplier vulnerabilities, and underlines current administration efforts to make companies more security responsible. Hathaway also stresses the strategic digital advancements of China and expresses concerns over … Read more